SSL Certificates, Generating SSL Certificates with the InCommon console

For designated Sectigo (Comodo) account holders, how-to generate certificates

Note (added September 2019): the Sectigo/Comodo self-service pilot is now complete. The self-service pilot is over and that we are no longer accepting applications for self service users. Unfortunately providing console access to the Sectigo/InCommon tool was not found to be a viable solution due to identity/group support scaling and supportability issues. Thanks for helping us test that option. Please see the main SSL Certificate Manager KB for current options. 

To log in to the web interface, visit: https://go.illinois.edu/comodo. Choose to sign in with "InCommon Federated Login."

Sign-in form

Choose your campus, then continue to log in via Shibboleth with your UIUC AD credentials.

Navigating the Web Interface

The navigation bar at the top of the screen contains the main areas of the interface. The "Dashboard" is loaded by default.

Navigation

Select "Certificates" to add/change your certificates, or "Settings" to add or see the domains you are authorized to request certificates for.

If you do not see the domain that you need, you can click on the "Domains" sub-tab and then "Delegations" to add one. Contact certmgr@illinois.edu to get the new domain approved by an admin.

Requesting a New Certificate

Once you have been approved to request a certificate for your domain, click on "Certificates" in the menu bar, then click the "Add" button:

Add button

Make sure that "Manual creation of CSR" is selected, then click "Next" in the lower right-hand corner.

Manual creation of CSR

Paste in your CSR. Be sure that your CSR is at least 2048-bits and that you have access to the FQDN that the CSR is for (see note above). Click "Next" in the lower right-hand corner.

Choose "University of Illinois", your department name, the type of certificate that you want, the desired term and the server software you are using from the drop-down boxes.

Certificate information

The common name will auto-populate based on what is in your CSR. Click "Next" in the lower right-hand corner. Then choose your auto-renewal preference and click "OK".

Your certificate will then appear in the certificate list with a status of "Requested". Click on the radio button next to it and then click "Approve". Enter any notes that you like, and then click "OK".

Retrieving a New Certificate

You will receive an email with a link to log in and download your new certificate as soon as it is ready. You will be able to choose from the following formats:

  • X509 Certificate only, Base64 encoded (most common option)
  • PKCS#7 Base64 encoded
  • PKCS#7 Bin encoded
  • X509 Intermediates/root only, Base64 encoded
  • X509 Intermediates/root only Reverse, Base64 encoded

More Information

InCommon maintains a complete set of documentation on all the features available in the web interface as well as best practices on their website at https://www.incommon.org/certificates/repository/.

Getting Help

If you have a question that is not answered by the documentation, e-mail certmgr@illinois.edu for assistance.




Keywords:certificate, incommon, ssl, sectigo, comodo, cert, administration, admin,   Doc ID:89849
Owner:Security S.Group:University of Illinois Technology Services
Created:2019-02-20 11:48 CDTUpdated:2019-11-11 17:34 CDT
Sites:University of Illinois Technology Services
Feedback:  1   0