Requesting Digital Server Certificates
**Please note that ALL Certificates issued from this service use a chained certificate hierarchy. To avoid any Intermediate CA Certificate browser errors, be sure you have installed all of the required certificates on your system. For more information, please visit our FAQ section.**
The Information Security and Policy Office (ISPO) are offering centrally funded SSL certificates to UI System Administrators through the InCommon Digital Certificate service.
How do I get a TLS for my iowa-domain system?
There are 2 ways with which to do this.
- Where possible Campus System Admins (ITS, HCIS etc.) should contact The Information Security and Policy Office or their Departmental Registration Authority Organization (DRAO – “certificate approver”) to get your unique departmental “Access Code”. Follow the steps below using that DRAO-specific code in place of the enterprise code listed below.
NOTE: Campus administrators with co-managed systems should work with their "Primary" contact in SST to facilitate with management of TLS if needed.
- UI departments that have no DRAO should utilize the Enterprise Account when filling out the certificate request form, using the assigned Enterprise Access Code: uiowa-1nC0m.
|Healthcare and Information Systems (UIHC included)||R7927HCib-211|
|College of Public Health||rCoPh-7329i|
How to fill out the online certificate request form
- Go to https://cert-manager.com/customer/InCommon/ssl?locale=en
- Select Certificate Enrollment
- Enter in the Access Code: uiowa-1nC0m and your university e-mail address; click the Check Access code button to proceed (non-university e-mail addresses will not work).
Make certain all fields on the form with the red asterisk are correctly filled out
- Choose the type of TLS you need (TLS descriptions and restrictions below)
- Fill in the Common Name (CN)
- Choose the appropriate server OS
- Select the validity period of the TLS
- Paste in your 2048-bit CSR – Note: the interface will not accept any key lengths less than 2048-bit.
- Enter a pass-phrase (required to revoke the certificate)
- Add in additional comments you would like to associate the TLS with (these will not be included in the certificate).
- Select “Submit”
Once approved you should receive an e-mail with instructions on how to download and install the TLScertificate.
NOTE: While most requests are processed within 24 hours, we only guarantee a 72 hour turnaround time on requests. Therefore, it is imperative that you plan accordingly. Certificates will NOT be issued outside of normal business hours.
If you have questions or problems processing your request for a digital certificate using the steps described above, contact The Information Security and Policy Office or your DRAO to have them process the TLS request on your behalf.
Available Digital Certificate Options:
Single domain name certificate.
Secures up to 100 different domain names on a single certificate.
|InCommon Wild Card SSL||
Secures the domain and unlimited sub-domains of that domain. These must be preapproved by the ISPO.
|InCommon Unified Communications Certificate (UCC)||Subject Alternate Name certificate. Must be reissued each time you add a new host/domain name.|
Extended Validation (EV) SSL/TLS
|Extended Validation certificates provide the highest levels of encryption, security and trust and immediately reassure web site visitors that it is safe to conduct online transactions by turning the address bar green on next generation browsers.|
|Secure/Multipurpose Internet Mail Extensions (S/MIME) or Client certificates, used primarily to digitally sign or encrypt e-mail messages.|
Extended Validation (EV) Certificates
EV Certificates are available from Comodo/Sectigo through the University's Digital Certificate Service. Due to the nature of the validation, the process for obtaining an EV certificate is significantly longer approximately two-four weeks; so please plan ahead.
Requesting EV Certificates
Follow the instructions above to get to the online certificate request form then fill out all of the fields, making sure you select "Comodo SGC EV certificate" in the drop down “Type” field, paste in the CSR and submit the form. ISPO will approve the CSR request and forward it to Comodo/Sectigo.
Make note of your order number when you submit the form, as you will need it to complete the second step in the EV Certificate request process. Once you get your order number download and complete the .pdf form by clicking this UI-Comodo EV Certificate Request Form link.
***The form is where you must include your order number from the initial web certificate request, in either the subject and body of the email or on your fax cover sheet.***
As this form has been pre-filled only complete the "Domain Name(s)", "Certificate Requester", "Signature" and "Date" sections.
For legal reasons, the pre-populated form fields must not be altered or your request will be denied.
Send the completed form to Comodo/Sectigo via email or fax.
For more information on EV Certificates, click the following InCommon Extended Validation Certificates page link.
Note: The instructions on this page will indicate that a submission of a Subscriber Agreement and Legal Opinion letter are required. These have already been submitted on behalf of The University of Iowa; discard those details. You need only submit the Comodo EV Certificate Request Form. Feel free to contact the Information Security and Policy Office if you have additional questions.
For more information about the InCommon Cert Service, click on one of the appropriate links below:
Instructions on how to generate a CSR visit: https://support.comodo.com/
Technical support and troubleshooting is being provided by Comodo/Sectigo via email, a web ticketing system and telephone. Comodo/Sectigo's web site includes a Knowledge Base and step-by-step troubleshooting guide.
More information can be found at support.comodo.com.
Please note: you must register an account before you can take advantage of their support.
* Email: email@example.com (24x7)
* Web: support.comodo.com (24x7)
* Phone:+1-888-266-6361, +1-703-581-6361 (5:00 AM – 8:00 PM EST, Mon-Fri)
TLS Server Certificates FAQ | TLS Certificate Guidelines |