Translations of this page:

User Tools

Site Tools


en:tp:certificates:servercert

Server certificates

Variables:

  • <server name>: The server name including domain, e.g. server1.hs-woe.de.
  • <date>: The date in ISO format, e.g. 20220326.

Public server certificates

create CSR

# Create folder <server name> and change to folder
mkdir <server name>
cd <Servername>
#
# create Key 
openssl genrsa -out GEANT_OV_RSA_CA_4-<Servername>-<date>-key.pem 4096
#
# CSR erzeugen
openssl req -new -key GEANT_OV_RSA_CA_4-<Servername>-<date>-key.pem -out GEANT_OV_RSA_CA_4-<Servername>-<date>-csr.pem
  • Country Name: DE
  • State or Province Name: Niedersachsen
  • Locality Name: Wilhelmshaven (or Oldenburg or Elsfleth)
  • Organization Name: Hochschule Wilhelmshaven/Oldenburg/Elsfleth
  • Organizational Unit Name: <keine>
  • Common Name: <Servername>
  • Email-Address: <none>

Apply for certificate

Sectigo Certificate Manager: JADE-HS Server Certificate (SSO)

  • Click on “Or Sign In With - Your Institution” at the bottom of the page.
  • Select the “Jade Hochschule” as institution
  • Log in with your user data of the Jade University of Applied Sciences
  • In the “SSL Certificate Enrollment” window, check / complete the details.
    • Email: Your email address
    • Certificate Profile: OV Multi-Domain
    • Certificate Term: 1 Year
    • CSR: Upload the previously generated CSR here.
    • Common Name: check the server name here
    • Renew: If the certificate is to be renewed automatically, activate “Auto renew” and select the number of days before the certificate expires.
    • Subject Alternative Names: Add additional SANs here if necessary.
    • Annual Renewal Passphrase: Enter a password to renew the certificate.
    • Confirm Annual Renewal Passphrase: Repeat the password to renew the certificate.
    • External Requester: <no entry>.
    • Comments: Notes about this server certificate
  • Click the “Enroll” button to finish the process

Download certificate

Download the desired certificate from the e-mail and rename it:

  • nginx mit extra CA-File: Certificate only
  • Apache & nginx: Certificate (w/ issuer after)
  • Microsoft IIS: PKCS#7 (<Servername>.p7b)
# Certificate only
GEANT_OV_RSA_CA_4-<Servername>-<date>-crt.pem
#
# Certificate (w/ issuer after)
GEANT_OV_RSA_CA_4-<Servername>-<date>-crt+chain.pem
#
# PKCS#7
GEANT_OV_RSA_CA_4-<Servername>-<date>.p7b

Internal server certificates

create CSR

# Create <server name> folder and change to it
mkdir <Servername>
cd <Servername>
#
# create Key 
openssl genrsa -out HS-WOE_Certificate_Authority_META-<Servername>-<date>-key.pem 4096
#
# CSR erzeugen
openssl req -new -key HS-WOE_Certificate_Authority_META-<Servername>-<date>-key.pem -out HS-WOE_Certificate_Authority_META-<Servername>-<date>-csr.pem
  • Country Name: DE
  • State or Province Name: Niedersachsen
  • Locality Name: Wilhelmshaven (or Oldenburg or Elsfleth)
  • Organization Name: Hochschule Wilhelmshaven/Oldenburg/Elsfleth
  • Organizational Unit Name: <none>
  • Common Name: <Servername>
  • Email-Address: <none>

META CA: Send the CSR with the name HS-WOE_Certificate_Authority_META-<Servername>-<Date>-csr.pem by e-mail to the HRZ. You will then receive the certificate from us immediately.

en/tp/certificates/servercert.txt · Last modified: 2022/05/30 23:56 by vi1005