SSL Certificates for UNLV Personnel
As of August 2016, the Office of Information Technology is offering InCommon SSL certificates, provided through Comodo, at no cost, for all university departments.
Please contact the Operations Center (OC) if you have any questions about SSL Certificates.
Requesting an SSL Certificate
- If you have never requested a SSL Certificate from the Operations Center, please call prior to submitting a request. We want to make sure that the certificates we offer align with your needs prior to a request being submitted.
Prior to submitting a request (Requester)
- Request IP address and/or DNS if applicable
- Generate certificate signing request, help information is available from the Comodo website
1. Submit SSL certificate request (Requester):
- Visit the following website: https://cert-manager.com/customer/InCommon/ssl?action=enroll
- The access code will be populated using this link, enter in your @unlv.edu address, and click Check Access Code.
- Complete the Self Enrollment form. All important fields are explained below:
- Certificate Type InCommon SSL (SHA-2)
- InCommon SSL (SHA-2) certificates are a single domain certificates that will secure one fully qualified domain name. These certificates create a secure, confidential communications pipe between the Web server and the browser or between servers. Use this type of certificate where identification of both the Web server and the browser is required.
- Please contact the OC for the additional certificate type options.
- Certificate Term - Length that the SSL certificate will be valid (1 year maximum)
- Server Software - The type of server the certificate will be installed on. Select "Other" if your server software is unlisted.
- CSR - A Certificate Signing Request (CSR) is required in order for Comodo to issue the certificate for the domain. The CSR can be pasted into the field or uploaded as a text file.
- Common Name - Fully qualified domain name that the SSL certificate will be issued for. A properly generated CSR should automatically populate this field.
- Renew: Optional field for automatic renewal. This field should be left blank in most cases.
- Pass-phrase - Optional field that enables you to revoke the certificate by yourself if needed. This should be treated as a password and stored securely.
- External Requester - This is used if additional emails or a group (department) email address is needed for certificate notifications. If you do not have any additional email addresses, please leave this field blank.
- Certificate Type InCommon SSL (SHA-2)
- Click Enroll
- The OC will process the request and contact you if any additional information is required.
2. Review request (Operations Center)
- Receive notification of certificate request
- Review request (the OC will contact the requester if there are any questions)
- Assign available certificate to domain
- Send pickup email to the requester
3. Retrieve and install SSL certificate (Requester)
- Once the request is approved an email will be sent to the requester with a link to retrieve the certificate
- Use the link in the email to directly download the certificate.
- To obtain the Comodo seal from the Trust Seal page.
- Select the Comodo seal that you want to use. The appropriate HTML code appears in the scrolling field below the examples.
- Copy and paste the HTML into your Web site.
- For information about how to install the certificates on specific Web servers, visit the Comodo support website.
4. Receive expiration reminder 1 month prior
- The OC will send expiry notifications to requester (30 and 10 days prior to expiration)
- Requester will approve the renewal by resubmitting the SSL request (Step 1) or reply to the e-mail indicating to allow it to expire.
- Requestor will retrieve and install new SSL certificate (step 3).
How long will it take for me to receive a certificate?
- Properly requested certificates are usually available in one business day.
Who pays for the SSL Certificates?
- The Office of Information Technology.
What types of SSL certificates do you offer through InCommon?
- InCommon SSL (SHA-2)
- This is a Single Domain Certificate that will secure a single fully qualified domain name. This is the most commonly requested certificate type.
- InCommon Wildcard SSL Certificate (SHA-2)
- A wildcard certificate that will secure the domain and unlimited sub-domains of that domain.
- InCommon Multi Domain SSL (SHA-2)
- Multi-Domain Certificates will secure up to 100 different domain names on a single certificate
Do you offer code signing or additional types of SSL certificates?
- Yes, please contact the OC with your specific SSL certificate requirements and we can match you with additional certificate types that will best fit your needs.
What happens when SSL Certificates are about to expire?
- The OC will send email notification to the SSL owner when the certificate will expire within 30 days of its expiration and a reminder at 10 days.
- Requestor will approve the renewal by resubmitting the SSL request (Step 1) and retrieving and installing the SSL (Step 3).
I no longer need the SSL Certificate, what now?
- If you no longer need a certificate, it can be revoked. Please contact the OC to revoke your SSL certificate.
- The OC will conduct periodic reviews to ensure that certificates are in use.
What is expected of me? What is expected of the OC?
- SSL Requester responsibilities:
- Submit SSL certificate request using URL provided above
- Install SSL certificate
- Notify the OC when certificates are no longer needed
- Operations Center responsibilities:
- Process SSL certificate requests (purchase SSLs)
- Send reminder notifications to SSL requester prior to certificate expiring (approximately 30 and 10 days prior)
- Conduct periodic audits to ensure certificates are in use