Versions Compared

Old Version 2

changes.mady.by.user Lin Xue

Saved on

compared with

New Version 3

changes.mady.by.user Lin Xue

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

https://it.cornell.edu/ssl/renew-or-request-ssl-certificate

How do I request an SSL certificate?

  1. Generate a Certificate Signing Request (CSR). See instructions from Comodo .
  2. Complete the Cornell University SSL Certificate Service request form.
  3. Wait for your request to be approved. You will receive an email confirming receipt of your order and telling you that it is pending approval.
  4. We will approve your request within one business day. After the request is approved, it may take several hours to 2 days before the certificate is issued to you by Comodo.
    If you do not receive the certificate two business days following your request, contact the IT Service Desk.
  5. You'll receive an email containing the certificate download link. Download it, and install it on your server. See installation instructions from Comodo .
  6. Use the SSL Installation Checking tool to verify your installation:

 

We used multi-domain SSL certificate for our servers.  

What is a multi-domain SSl certificate?

 

A multi-domain certificate allows you to secure a primary domain, and up to 99 additional fully qualified domains, in a single certificate. It is best for organizations that have multiple unique domains hosted on a single server.

...


When generating a CSR for multiple domain certificate, enter the primary domain name in common name field. In SSL request form's Subject Alternative Names field, enter the rest of domain names that you want included in the certificate. 

Check the current SSL: https://www.sslshopper.com/ssl-checker.html

CSR Generation: Using OpenSSL (Apache w/mod_ssl, NGINX, OS X)

...

Code Block
languagebash
 
openssl req -nodes -newkey rsa:2048 -keyout xcu-aad-03.key -out xcu-aad-03.csr -subj "/C=US/ST=New York/L=Ithaca/O=Cornell Univ./OU=AAD/CN=aad.cornell.edu"
 

 

Complete the Cornell University SSL Certificate Service request form.

In SSL request form's Subject Alternative Names field, enter the rest of domain names that you want included in the certificate.

Code Block
languagebash
 
test.aad.cornell.edu, app.aad.cornell.edu, app-test.aad.cornell.edu, cornellconnect.cornell.edu, campaign.cornell.edu
 

 

Install the certificate on your server.

See installation instructions from Comodo .

Use the SSL Installation Checking tool to verify your installation: