Translations of this page:

User Tools

Site Tools


en:tp:certificates:servercert

Server certificates

Variables:

  • <server name>: The server name including domain, e.g. server1.hs-woe.de.
  • <date>: The date in ISO format, e.g. 20220326.

Public server certificates

create CSR

# Create folder <server name> and change to folder
mkdir <server name>
cd <Servername>
#
# create Key 
openssl genrsa -out GEANT_OV_RSA_CA_4-<Servername>-<date>-key.pem 4096
#
# CSR erzeugen
openssl req -new -key GEANT_OV_RSA_CA_4-<Servername>-<date>-key.pem -out GEANT_OV_RSA_CA_4-<Servername>-<date>-csr.pem
  • Country Name: DE
  • State or Province Name: Niedersachsen
  • Locality Name: Wilhelmshaven (or Oldenburg or Elsfleth)
  • Organization Name: Hochschule Wilhelmshaven/Oldenburg/Elsfleth (ENG: University Wilhelmshaven/Oldenburg/Elsfleth)
  • Organizational Unit Name: <keine> (ENG: <none>)
  • Common Name: <Servername>
  • Email-Address: <keine> (ENG: <none>)

Apply for certificate

Sectigo Certificate Manager: JADE-HS Server Certificate (SSO)

  • Click on “Or Sign In With - Your Institution” at the bottom of the page.
  • Select the “Jade Hochschule” as institution
  • Log in with your user data of the Jade University of Applied Sciences
  • In the “SSL Certificate Enrollment” window, check / complete the details.
    • Email: Your email address
    • Certificate Profile: OV Multi-Domain
    • Certificate Term: 1 Year
    • CSR: Upload the previously generated CSR here.
    • Common Name: check the server name here
    • Renew: If the certificate is to be renewed automatically, activate “Auto renew” and select the number of days before the certificate expires.
    • Subject Alternative Names: Always add the server name here as the first SAN and additional SANs, if necessary.
    • Annual Renewal Passphrase: Enter a password to renew the certificate.
    • Confirm Annual Renewal Passphrase: Repeat the password to renew the certificate.
    • External Requester: <no entry>.
    • Comments: Notes about this server certificate
  • Click the “Enroll” button to finish the process
  • Please contact Mr. Früchtenicht or Mr. Manemann briefly at the HRZ, mentioning the requested server name, for issuing the certificate.

Download certificate

Download the desired certificate from the e-mail and rename it:

  • nginx with extra CA-File: Certificate only
  • Apache & nginx: Certificate (w/ issuer after)
  • Microsoft IIS: PKCS#7 (<Servername>.p7b)
# Certificate only
GEANT_OV_RSA_CA_4-<Servername>-<date>-crt.pem
#
# Certificate (w/ issuer after)
GEANT_OV_RSA_CA_4-<Servername>-<date>-crt+chain.pem
#
# PKCS#7
GEANT_OV_RSA_CA_4-<Servername>-<date>.p7b

Internal server certificates

Apply for internal server certificates only after consulting with the HRZ.

create CSR

# Create <server name> folder and change to it
mkdir <Servername>
cd <Servername>
#
# create Key 
openssl genrsa -out <Servername>-<date>-key.pem 4096
#
# Create CSR 
openssl req -new  -key <Servername>-<date>-key.pem -out <Servername>-<date>-csr.pem
  • Country Name: DE
  • State or Province Name: Niedersachsen
  • Locality Name: Wilhelmshaven (or Oldenburg or Elsfleth)
  • Organization Name: Hochschule Wilhelmshaven/Oldenburg/Elsfleth
  • Organizational Unit Name: <none>
  • Common Name: <Servername>
  • Email-Address: <none>

Email the CSR to the HRZ and we will contact you and you can get the certificate from us.

en/tp/certificates/servercert.txt · Last modified: 2023/07/22 18:17 by an1174