S/MIME Certificate Self-Service

A knowledge base article about S/MIME Certificate Self-Service provided by the UC Berkeley IT Service Hub - Knowledge Portal

Background


This guide outlines the process for requesting S/MIME client certificates for your primary @berkeley.edu account. It assumes you are familiar with configuring your email client, as CalNet does not provide support for email client configuration.

NOTE: S/MIME certificates will be issued with the subject CN=University of California, Berkeley. This is normal; your email address will be included as a subject alternative name (e.g. rfc822name=user@berkeley.edu).

Process


  1. Open a private/incognito browser window and navigate to the Certificate Manager page.
  2. If prompted, select InCommon Federated Login.
  3. Select University of California, Berkeley from the InCommon screen.
  4. Log in with your CalNet credentials.
  5. You will either see a list of existing certificates, or you will be prompted to enroll your first certificate. If you see a list of existing certificates, go to the next step; otherwise skip to step 7.
  6. At the top right of the Certificate Manager, select Enroll Certificate.
  7. When prompted to Enroll with Access Code, use the word oski as the Access Code.
  8. Set the Certificate Term. The default for this drop-down is 1 year, but it can be set to last as long as 2 years.
  9. Select the desired key type or leave the default.
  10. Agree to the Sectigo Client Certificate EULA and then click Submit.
  11. On the next page, select the key protection algorithm. Note that the default algorithm, AES256-SHA256, may not work with some email clients. If you are using a Mac or iOS device, you may need to select the TripleDES-SHA1 algorithm.
  12. Choose a password for the certificate and enter it twice. This is the password for the certificate’s private key. You will need this to import and use the certificate.
  13. Click Download to save the certificate locally.  You will be returned to the list of your certificates where you can also re-download the certificate or revoke it if needed.
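
Before importing the downloaded file into an email client, you can confirm that it carries your address as a subject alternative name and see which key protection algorithm it was saved with. The script below is an added example, not part of the original article: it assumes the download is a PKCS#12 bundle, that OpenSSL 1.1.1 or later is installed, and that the portal's AES256-SHA256 and TripleDES-SHA1 options correspond to OpenSSL's AES-256-CBC and PBE-SHA1-3DES. The function names, the `P12_PASS` variable and the sample bundle are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the original article). Assumes OpenSSL 1.1.1 or later.
# The certificate password is read from the P12_PASS environment variable so
# that it does not appear in the process list.

# Print the email address(es) bound to the client certificate
# (taken from the subject and the rfc822Name subject alternative names).
p12_emails() {
  openssl pkcs12 -in "$1" -passin env:P12_PASS -clcerts -nokeys 2>/dev/null |
    openssl x509 -noout -email
}

# Print the MAC and encryption algorithms protecting the bundle, which
# distinguishes an AES-based download from a TripleDES/SHA-1 one.
p12_protection() {
  openssl pkcs12 -in "$1" -passin env:P12_PASS -info -noout 2>&1 |
    grep -E '^(MAC|PKCS7 Encrypted data|Shrouded Keybag):'
}

# Build a constructed stand-in for a downloaded certificate (self-signed,
# for testing the checks only): $1 = output file, $2 = PBE algorithm,
# $3 = MAC digest.
make_constructed_p12() {
  local d; d=$(mktemp -d) || return 1
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -keyout "$d/key.pem" -out "$d/cert.pem" \
    -subj "/CN=University of California, Berkeley" \
    -addext "subjectAltName=email:user@berkeley.edu" 2>/dev/null &&
  openssl pkcs12 -export -inkey "$d/key.pem" -in "$d/cert.pem" -out "$1" \
    -passout env:P12_PASS -keypbe "$2" -certpbe "$2" -macalg "$3"
  local rc=$?; rm -rf "$d"; return $rc
}

# With a file argument, inspect that bundle (export P12_PASS first).
if [ -n "${1:-}" ]; then
  p12_emails "$1" && p12_protection "$1"
fi
```

If the email line is missing or shows a different address, revoke the certificate from the certificate list and enroll again rather than importing it.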