InCommon/SectiGo Certificate Manager - Requesting a New Certificate

How to Sign into the InCommon/SectiGo Certificate Manager - https://service.purdue.edu/TDClient/32/Purdue/KB/ArticleDet?ID=1210

Requesting a new InCommon Certificate 

1. From the Certificate Manager, click on the three lines (hamburger icon) in the upper right.  This will open a submenu on the right side. 

2. Click on the Certificates option.  This will open a submenu below Certificates. 

3. Click on SSL Certificates. 

4. This will open a page with all the certificates for the department you have been assigned. 

5. In the upper left corner, click on the green circle with the white plus sign.  This will start the Request SSL Certificate pop-up wizard. 

6. On the first screen, make sure the option “Using a Certificate Signing Request (CSR) is chosen, click on the Next button in lower right. 

7. On the details screen, the following should be completed: 

   1. Organization should be left as Purdue University 

   2. The department should default to the department you have been assigned.  Note, if you have been assigned to multiple departments, click on the triangle to bring up a drop-down list of departments to choose from. 

   3. The certificate profile shows the different types of certificates you can assign. 

      1. If the certificate does not have any Subject Alternate Names (SAN), chose the profile “InCommon SSL (SHA-2) 

      2. If the certificate you are requesting does have SANs, chose the profile “InCommon SSL Multi Domain Generate Profile”. 

   4. In the certificate term field enter either 1 year or 398 days – these are the only two options the term can be set to.  This will specify with the certificate will expire. 

   5. The requestor field will default to you and cannot be changed. 

   6. The Commons field is where you record any other data for the cert you need to track. 

   7. In the notification field, enter the email contact for the certificate – preferably a group email.  This email will be used to send the download links for the certificate and who to notify when the cert is about to expire.  Once you enter the email address, it is important that you click on the + (plus sign) to the right of the email field.  If you do not do that, the system will not save the email address in the certificate.

8. Click on Next 

9. In the CSR field, paste in the CSR for this certificate. 

10. On the Domains screen 

    1. If the cert you are requesting does not have any SANs, the common name from the CSR will be displayed. 

    2. If the cert you are requesting does have SANs, any SANs from the CSR will also be displayed and you can also enter additional ones. 

11. Click on Next 

12. On the Auto-Renewal, leave the default and click on OK 

13. This will send the request to SectiGo/InCommon to build the certificate.  Once that is done, you and the email you provided will receive an email with the download links.  This usually takes less than 30 minutes.