Variables:

• <server name>: The server name including domain, e.g. server1.hs-woe.de.
• <date>: The date in ISO format, e.g. 20220326.

# Create folder <server name> and change to folder
mkdir <server name>
cd <Servername>
#
# create Key 
openssl genrsa -out GEANT_OV_RSA_CA_4-<Servername>-<date>-key.pem 4096
#
# CSR erzeugen
openssl req -new -key GEANT_OV_RSA_CA_4-<Servername>-<date>-key.pem -out GEANT_OV_RSA_CA_4-<Servername>-<date>-csr.pem

• Country Name: DE
• State or Province Name: Niedersachsen
• Locality Name: Wilhelmshaven (or Oldenburg or Elsfleth)
• Organization Name: Hochschule Wilhelmshaven/Oldenburg/Elsfleth
• Organizational Unit Name: <keine>
• Common Name: <Servername>
• Email-Address: <none>

Sectigo Certificate Manager: JADE-HS Server Certificate (SSO)

• Click on “Or Sign In With - Your Institution” at the bottom of the page.
• Select the “Jade Hochschule” as institution
• Log in with your user data of the Jade University of Applied Sciences
• In the “SSL Certificate Enrollment” window, check / complete the details.
  • Email: Your email address
  • Certificate Profile: OV Multi-Domain
  • Certificate Term: 1 Year
  • CSR: Upload the previously generated CSR here.
  • Common Name: check the server name here
  • Renew: If the certificate is to be renewed automatically, activate “Auto renew” and select the number of days before the certificate expires.
  • Subject Alternative Names: Add additional SANs here if necessary.
  • Annual Renewal Passphrase: Enter a password to renew the certificate.
  • Confirm Annual Renewal Passphrase: Repeat the password to renew the certificate.
  • External Requester: <no entry>.
  • Comments: Notes about this server certificate
• Click the “Enroll” button to finish the process

Download the desired certificate from the e-mail and rename it:

• nginx mit extra CA-File: Certificate only
• Apache & nginx: Certificate (w/ issuer after)
• Microsoft IIS: PKCS#7 (<Servername>.p7b)

# Certificate only
GEANT_OV_RSA_CA_4-<Servername>-<date>-crt.pem
#
# Certificate (w/ issuer after)
GEANT_OV_RSA_CA_4-<Servername>-<date>-crt+chain.pem
#
# PKCS#7
GEANT_OV_RSA_CA_4-<Servername>-<date>.p7b

# Create <server name> folder and change to it
mkdir <Servername>
cd <Servername>
#
# create Key 
openssl genrsa -out HS-WOE_Certificate_Authority_META-<Servername>-<date>-key.pem 4096
#
# CSR erzeugen
openssl req -new -key HS-WOE_Certificate_Authority_META-<Servername>-<date>-key.pem -out HS-WOE_Certificate_Authority_META-<Servername>-<date>-csr.pem

• Country Name: DE
• State or Province Name: Niedersachsen
• Locality Name: Wilhelmshaven (or Oldenburg or Elsfleth)
• Organization Name: Hochschule Wilhelmshaven/Oldenburg/Elsfleth
• Organizational Unit Name: <none>
• Common Name: <Servername>
• Email-Address: <none>

META CA: Send the CSR with the name HS-WOE_Certificate_Authority_META-<Servername>-<Date>-csr.pem by e-mail to the HRZ. You will then receive the certificate from us immediately.