Request a Certificate
Generate a Certificate Signing Request
To request a certificate, first generate a Certificate Signing Request (CSR) on your web server. The instructions to accomplish this are specific to the web server software you're running. Comodo has CSR generation guides for many popular web servers.
The CSR generation process will ask for the following information. For example replies, see below:
commonName (CN) = (server name - e.g.: www.meyer.umn.edu)
organizationName (O) = University of Minnesota
organizationalUnitName (OU) = (department name - e.g.: College of Liberal Arts)
locality (L) = Minneapolis
stateOrProvinceName (ST) = Minnesota
country (C) = US
You can have zero or more organizationalUnitNames (OU) in your request. We recommend you put a department or coordinate campus name in this field. We further recommend that you spell out any abbreviations, especially if your site will be used by people outside your area. For example, use "OU=College of Liberal Arts", not "OU=CLA". You can have more than one OU field if you like.
For the private key length, 2048 bits is now the minimum for RSA keys.
While SHA-2 signatures are now the norm for issued certificates, you do not have to use SHA-2 to sign your CSR
Sending the Request to InCommon
Next, go to the InCommon certificate enrollment site to request your certificate. You'll need to enter a umn.edu email address (a departmental account or support address rather than a specific person is usually a good idea) and the access code to proceed to the enrollment form (you must be logged in to your University account be able to access the code through this link).
Here are some tips for completing the form:
Leave the Common Name field blank, and use the "Get Common Name from CSR" button under the CSR field to fill it in for you after you've pasted your CSR.
Uncheck the Address fields for a cleaner certificate Subject, if desired.
In the Comment field, please include the name, Internet ID/email address and phone number of someone who can provide approval for the request. If you use a departmental or support address to request the cert, it is helpful if you also include the specific person who is making the request here. We currently contact this person to ensure that they actually submitted it.
After you submit the form, we (the UMN SSL certificate administrators) will be notified so we can approve your request. After it is approved and the certificate is signed by the CA (which usually takes only a couple minutes), you will get email with links to pick up the certificate (and the intermediate CA cert(s)).
If you have an expired certificate you need replaced, send email to firstname.lastname@example.org to request that we expedite your request. For best results, use the word "URGENT" subject line.