This site requires JavaScript to be enabled
An updated version of this article is available

SSL Certificate Self-Service

466 views

5.0 - Updated on 2025-10-14 by Jonathon Taylor

4.0 - Updated on 2024-06-01 by Jonathon Taylor

3.0 - Updated on 2024-06-01 by Madelyn Fukuda

2.0 - Updated on 2024-06-01 by Jonathon Taylor

1.0 - Authored on 2023-05-31 by Jonathon Taylor

Background

The process described here is for requesting SSL certificates for your delegated domains within the Sectigo / InCommon certificate manager.  This process assumes you have been granted a login to the certificate manager and that domains have been delegated to your department already.

Process

Certificate Manager Login

  1. Access the certificate manager at https://cert-manager.berkeley.edu
  2. Select University of California, Berkeley as your home organization to be redirected to CalNet SSO.
  3. After authentication you will be redirected to the certificate manager.

Certificate Requests

NOTE: To request a certificate you must already have a valid certificate signing request (CSR) with a minimum RSA - 2048 key. For help generating CSRs please see your operating system or application documentation. Additional help can be found at https://sectigo.com/faqs/product/Choose_Your_Server_Here and https://calnet.berkeley.edu/calnet-technologists/web-certificates
  1. Within certificate manager select the menu icon at the top-left and then select Certificates > SSL Certificates.



  2. Select the green add button in the top-right corner of the screen to open the certificate request wizard.
  3. Leave the enrollment method as Using a Certificate Signing Request (CSR) and select Next.
  4. In the Details page select the appropriate Certificate Profile. Common profiles include:

    InCommon SSL (the majority of use-cases for single subject certificates)
    InCommon Multi Domain SSL (for certs with more than one subject name or SAN)

  5. Select the maximum Certificate Term.
  6. Under Notifications enter your email address, or preferably a mailing list for your department. Important: You must click the plus button or hit <enter> when adding email addresses, otherwise they will not be saved.



  7. Click Next
  8. Paste your CSR and then click Next.



  9. Validate your Domain(s) and then click Next.
  10. Click OK to finish the request.
  11. You will be returned to your list of SSL certificates. You should see your new request with the status of REQUESTED.
  12. Check the box next to your new certificate request and then select Approve. Enter anything you like for the message.



  13. The certificate request will change to ISSUED after a short period.
  14. An email with download links to your certificate will be sent to the address you entered in step 6.

Related KBs

InCommon Certificate Chain
Revised by Jonathon Taylor
Last modified 2024-06-01 14:57:37