https://it.cornell.edu/ssl/renew-or-request-ssl-certificate
How do I request an SSL certificate?
- Generate a Certificate Signing Request (CSR). See instructions from Comodo .
- Complete the Cornell University SSL Certificate Service request form.
- Wait for your request to be approved. You will receive an email confirming receipt of your order and telling you that it is pending approval.
- We will approve your request within one business day. After the request is approved, it may take several hours to 2 days before the certificate is issued to you by Comodo.
If you do not receive the certificate two business days following your request, contact the IT Service Desk. - You'll receive an email containing the certificate download link. Download it, and install it on your server. See installation instructions from Comodo .
- Use the SSL Installation Checking tool to verify your installation:
We used multi-domain SSL certificate for our servers.
What is a multi-domain SSl certificate?
A multi-domain certificate allows you to secure a primary domain, and up to 99 additional fully qualified domains, in a single certificate. It is best for organizations that have multiple unique domains hosted on a single server.
- The domains included in multi-domain certificate do not have to have unique IPs.
- It must be reissued each time you want to add a new host/domain name to the certificate.
When generating a CSR for multiple domain certificate, enter the primary domain name in common name field. In SSL request form's Subject Alternative Names field, enter the rest of domain names that you want included in the certificate.
CSR Generation: Using OpenSSL (Apache w/mod_ssl, NGINX, OS X)
openssl req -nodes -newkey rsa:2048 -keyout xcu-aad-03.key -out xcu-aad-03.csr -subj "/C=US/ST=New York/L=Ithaca/O=Cornell Univ./OU=AAD/CN=aad.cornell.edu"
Complete the Cornell University SSL Certificate Service request form.
In SSL request form's Subject Alternative Names field, enter the rest of domain names that you want included in the certificate.
www.aad.cornell.edu, test.aad.cornell.edu, app.aad.cornell.edu, app-test.aad.cornell.edu, cornellconnect.cornell.edu, www.cornellconnect.cornell.edu, campaign.cornell.edu
Install the certificate on your server.
See installation instructions from Comodo .
Use the SSL Installation Checking tool to verify your installation: