How-to: Create a server certificate

1. Generate a Certificate Request using tools provided by your server operating system. This will generate an asymmetric key pair. To do this you will need the following information:

  •     Country C=DE
  •     Organization O=Ruprecht-Karls-Universitaet Heidelberg
  •     Organizational Unit OU=(institute)
  •     City/Location L=Heidelberg
  •     State ST=Baden-Wuerttemberg
  •     “Common Name” CN= (fully qualified server name as registered in the name server)
  •     Key length = 4096 bit

In Linux, you will use the following commands:

Command 1: dd if=/dev/urandom of=randfile bs=4096 count=1

Command 2: openssl genrsa -out server.key -rand randfile 4096

Command 3: chmod og-rwx server.key

Command 4: openssl req -new -key server.key -out server.csr

2. Copy and save the Certificate Request server.csr on your local system.

3. Open the Sectigo Certificate Manager (see link) and click "Your Institution", found under "Identity Provider".

4. Enter, for example, “Heidelberg” in the search box and click on the suggestion "Universität Heidelberg".

5. Next, authenticate yourself with your Uni ID and the corresponding password.

6. After navigating back to Sectigo Certificate Manager, upload the prepared CSR to the page and fill out the request form.

Under the item "External Requester", you can specify additional recipients of the certificate (e.g. another server administrator). Click on “Submit” to submit the request.

7. After the URZ has reviewed the request, the requester and any “External Requesters” will be informed by email. The certificate (incl. certificate chain) can be downloaded via the link included in the email and then added to the user's server environment.
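
A check for the files created in step 1, to be run before the upload in step 6. This is an added example, not part of the original instructions; it assumes the file names server.key and server.csr from the commands above and an openssl command-line tool on the PATH.

```shell
#!/bin/sh
# Added example (not from the original page): sanity checks on server.key and
# server.csr before the CSR is uploaded.
# Usage: sh check_csr.sh server.key server.csr

fail() { echo "FAIL: $*" >&2; rc=1; }

check_csr() {
    key=$1; csr=$2; rc=0

    # The CSR's self-signature must verify; this catches a file damaged while
    # copying. The output text is matched rather than the exit status, which
    # not every OpenSSL release sets on a failed verification.
    openssl req -in "$csr" -noout -verify 2>&1 | grep -q "verify OK" \
        || fail "CSR self-signature does not verify"

    # The CSR must contain the public half of this private key.
    k=$(openssl pkey -in "$key" -pubout 2>/dev/null)
    c=$(openssl req -in "$csr" -noout -pubkey 2>/dev/null)
    [ -n "$k" ] && [ "$k" = "$c" ] || fail "CSR was not created from $key"

    # Key length from the list in step 1: 4096 bit.
    bits=$(openssl req -in "$csr" -noout -text 2>/dev/null |
        sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p')
    [ "$bits" = 4096 ] || fail "key length is ${bits:-unknown}, expected 4096"

    # Subject fields from step 1; OU and CN only have to be present.
    subj=$(openssl req -in "$csr" -noout -subject -nameopt RFC2253 2>/dev/null)
    for want in "C=DE" "O=Ruprecht-Karls-Universitaet Heidelberg" \
                "L=Heidelberg" "ST=Baden-Wuerttemberg" "OU=" "CN="; do
        case "$subj" in
            *"$want"*) ;;
            *) fail "subject lacks $want" ;;
        esac
    done

    # Command 3 (chmod og-rwx): no group or other permission bits on the key.
    perms=$(ls -l "$key" | cut -c5-10)
    [ "$perms" = "------" ] || fail "$key is accessible to group or others"

    return "$rc"
}

if [ "$#" -eq 2 ]; then
    check_csr "$1" "$2" && echo "OK: $2 is ready for upload"
fi
```

Only server.csr is uploaded; server.key stays on the server.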
