SSL Certificates, Generating SSL Certificates with the InCommon console
For designated Sectigo (Comodo) account holders, how-to generate certificates
Note (added September 2019): the Sectigo/Comodo self-service pilot is now complete. The self-service pilot is over and that we are no longer accepting applications for self service users. Unfortunately providing console access to the Sectigo/InCommon tool was not found to be a viable solution due to identity/group support scaling and supportability issues. Thanks for helping us test that option. Please see the main SSL Certificate Manager KB for current options.
To log in to the web interface, visit: https://go.illinois.edu/comodo. Choose to sign in with "InCommon Federated Login."
Choose your campus, then continue to log in via Shibboleth with your UIUC AD credentials.
Navigating the Web Interface
The navigation bar at the top of the screen contains the main areas of the interface. The "Dashboard" is loaded by default.
Select "Certificates" to add/change your certificates, or "Settings" to add or see the domains you are authorized to request certificates for.
If you do not see the domain that you need, you can click on the "Domains" sub-tab and then "Delegations" to add one. Contact firstname.lastname@example.org to get the new domain approved by an admin.
Requesting a New Certificate
Once you have been approved to request a certificate for your domain, click on "Certificates" in the menu bar, then click the "Add" button:
Make sure that "Manual creation of CSR" is selected, then click "Next" in the lower right-hand corner.
Paste in your CSR. Be sure that your CSR is at least 2048-bits and that you have access to the FQDN that the CSR is for (see note above). Click "Next" in the lower right-hand corner.
Choose "University of Illinois", your department name, the type of certificate that you want, the desired term and the server software you are using from the drop-down boxes.
The common name will auto-populate based on what is in your CSR. Click "Next" in the lower right-hand corner. Then choose your auto-renewal preference and click "OK".
Your certificate will then appear in the certificate list with a status of "Requested". Click on the radio button next to it and then click "Approve". Enter any notes that you like, and then click "OK".
Retrieving a New Certificate
You will receive an email with a link to log in and download your new certificate as soon as it is ready. You will be able to choose from the following formats:
- X509 Certificate only, Base64 encoded (most common option)
- PKCS#7 Base64 encoded
- PKCS#7 Bin encoded
- X509 Intermediates/root only, Base64 encoded
- X509 Intermediates/root only Reverse, Base64 encoded
InCommon maintains a complete set of documentation on all the features available in the web interface as well as best practices on their website at https://www.incommon.org/certificates/repository/.
If you have a question that is not answered by the documentation, e-mail email@example.com for assistance.