InCommon/SSL Certificate Self-Service

A knowledge base article about InCommon/SSL Certificate Self-Service provided by the UC Berkeley IT Service Hub - Knowledge Portal

Background

The process described here is for requesting SSL certificates for your delegated domains within the Sectigo / InCommon certificate manager.  This process assumes you have been granted a login to the certificate manager and that domains have been delegated to your department already.

Process

Certificate Manager Login

  1. Access the certificate manager
  2. Select University of California, Berkeley as your home organization to be redirected to CalNet SSO.
  3. After authentication you will be redirected to the certificate manager.

Certificate Requests

NOTE: To request a certificate you must already have a valid certificate signing request (CSR) with a minimum RSA - 2048 key. For help generating CSRs please see your operating system or application documentation. Additional help can be found at the following links Choose Your Server Here and Web Certificates
  1. Within certificate manager select the menu icon at the top-left and then select Certificates > SSL Certificates.

    Screenshot of Certificate Manager Menu Bar Open
  2. Select the green add button in the top-right corner of the screen to open the certificate request wizard.
  3. Leave the enrollment method as Using a Certificate Signing Request (CSR) and select Next.
  4. In the Details page select the appropriate Certificate Profile. Common profiles include:

    InCommon SSL Single General Profile (the majority of use-cases for single subject certificates)
    InCommon Multi Domain General Profile (for certs with more than one subject name or SAN)

  5. Select the maximum Certificate Term.
  6. Under Notifications enter your email address, or preferably a mailing list for your department. Important: You must click the plus button or hit <enter> when adding email addresses, otherwise they will not be saved.

    Screenshot of Certificate Request page with fields filled in and red arrows pointing at customized field properties

  7. Click Next
  8. Paste your CSR and then click Next.

    Screenshot of Certificate Request page with CSR pasted in

  9. Validate your Domain(s) and then click Next.
  10. Click OK to finish the request.
  11. You will be returned to your list of SSL certificates. You should see your new request with the status of REQUESTED.
  12. Check the box next to your new certificate request and then select Approve. Enter anything you like for the message.

    Screenshot of user's list of SSL certificates with Approve tab circled

  13. The certificate request will change to ISSUED after a short period.
  14. An email with download links to your certificate will be sent to the address you entered in step 6.

Related KBs

InCommon Certificate Chain