Requesting SSL Certifications
Prior to the expiration of the current KnowledgeBase SSL Certificate, a new one must be enrolled. Follow the instructions below to generate a CSR (Certificate Signing Request) and enroll a new SSL (Secure Socket Layer) Certificate.
This article explains how to generate a CSR and then enroll a new SSL certificate.
Preparation (What will you need?)
- OpenSSL - You will need access to OpenSSL, which is a command line utility
that will be used to generate the CSR. OpenSSL comes installed on Mac OS
X "out of the box", but it must be downloaded and installed on Windows. Alternatively, you can remotely log into a server that already has OpenSSL by using an SSH client.
- Web Browser - You will be using a web browser to access a few different web forms.
- Command Line - You will be using a command line to run the OpenSSL command
that generates the CSR. If you have OpenSSL installed on your personal
computer, you will use either Command Prompt (Windows) or the Terminal
(Mac OS X). If you decide to remotely log into a server that has OpenSSL
and you are using a Windows computer, you will need to download and use PuTTY, an SSH client. Mac OS X has an SSH client installed "out of the box" for remote logging.
- Certificate Details - You will need to gather this information, as it will need to be submitted along with the CSR.
SSL Certificate Type
- InCommon Access Code - You will need an access code when enrolling the SSL Certificate.
- Brief description of the service - You will need to enter this in the comments field of the form.
- Team email address - This must be provided to allow for continuity, and should be put in the External Requester field on the form.
Instructions (How do I generate the CSR and enroll the SSL Certificate?)
- Generate the OpenSSL Code - This code will be used later to create the CSR.
- Navigate to the OpenSSL CSR Wizard web app, and fill out the left hand side of the web form with the correct common name. You will also need to enter the correct geographical information for UW Milwaukee and choose RSA 2048 for the "Key Size".
- Then, Click "Generate". The correct OpenSSL code will appear on the right hand side of the web form.
- Generate the CSR - Use OpenSSL in the command line to generate the CSR.
- Open the command line. See "Tools" above to determine which command line interface you will be using.
- In the command line, paste the OpenSSL code that was generated from the OpenSSL CSR Wizard in the previous step.
- Press Enter/Return on the keyboard. OpenSSL will create two files in the working directory named kb.uwm.edu.key and kb.uwm.edu.csr. These two files contain the private key and the CSR, respectively.
- Enroll the SSL Certificate - Submit the CSR to InCommon.
- Navigate to the InCommon Certificate Manager.
- Enter the access code given above under "InCommon Access Code" along with the email address of the administrator of the site or application which will be using the certification. The administrator should be the person filling out the form. Then Click "CHECK ACCESS CODE".
- A new web form will appear. Enter the correct certificate details, which are given above under "Certificate Details".
- Upload the CSR file. To do this, click "UPLOAD CSR" and navigate to the file created by OpenSSL in the previous step. Then click "SUBMIT".
- Finally, click "ENROLL" at the bottom of the web form.
You have successfully enrolled a new SSL Certificate!