Variables:

• <server name>: The server name including domain, e.g. server1.hs-woe.de.
• <date>: The date in ISO format, e.g. 20220326.

# Create folder <server name> and change to folder
mkdir <server name>
cd <Servername>
#
# create Key 
openssl genrsa -out GEANT_OV_RSA_CA_4-<Servername>-<date>-key.pem 4096
#
# CSR erzeugen
openssl req -new -key GEANT_OV_RSA_CA_4-<Servername>-<date>-key.pem -out GEANT_OV_RSA_CA_4-<Servername>-<date>-csr.pem

• Country Name: DE
• State or Province Name: Niedersachsen
• Locality Name: Wilhelmshaven (or Oldenburg or Elsfleth)
• Organization Name: Hochschule Wilhelmshaven/Oldenburg/Elsfleth (ENG: University Wilhelmshaven/Oldenburg/Elsfleth)
• Organizational Unit Name: <keine> (ENG: <none>)
• Common Name: <Servername>
• Email-Address: <keine> (ENG: <none>)

Sectigo Certificate Manager: JADE-HS Server Certificate (SSO)

• Click on “Or Sign In With - Your Institution” at the bottom of the page.
• Select the “Jade Hochschule” as institution
• Log in with your user data of the Jade University of Applied Sciences
• In the “SSL Certificate Enrollment” window, check / complete the details.
  • Email: Your email address
  • Certificate Profile: OV Multi-Domain
    • Do not (!) choose OV SSL (more Informations)
  • Certificate Term: 1 Year
  • CSR: Upload the previously generated CSR here.
  • Common Name: check the server name here
  • Renew: If the certificate is to be renewed automatically, activate “Auto renew” and select the number of days before the certificate expires.
  • Subject Alternative Names: Always add the server name here as the first SAN and additional SANs, if necessary.
  • Annual Renewal Passphrase: Enter a password to renew the certificate.
  • Confirm Annual Renewal Passphrase: Repeat the password to renew the certificate.
  • External Requester: <no entry>.
  • Comments: Notes about this server certificate
• Click the “Enroll” button to finish the process

• Please contact Mr. Früchtenicht or Mr. Manemann briefly at the HRZ, mentioning the requested server name, for issuing the certificate.

Download the desired certificate from the e-mail and rename it:

• nginx with extra CA-File: Certificate only
• Apache & nginx: Certificate (w/ issuer after)
• Microsoft IIS: PKCS#7 (<Servername>.p7b)

# Certificate only
GEANT_OV_RSA_CA_4-<Servername>-<date>-crt.pem
#
# Certificate (w/ issuer after)
GEANT_OV_RSA_CA_4-<Servername>-<date>-crt+chain.pem
#
# PKCS#7
GEANT_OV_RSA_CA_4-<Servername>-<date>.p7b

# Create <server name> folder and change to it
mkdir <Servername>
cd <Servername>
#
# create Key 
openssl genrsa -out <Servername>-<date>-key.pem 4096
#
# Create CSR 
openssl req -new  -key <Servername>-<date>-key.pem -out <Servername>-<date>-csr.pem

• Country Name: DE
• State or Province Name: Niedersachsen
• Locality Name: Wilhelmshaven (or Oldenburg or Elsfleth)
• Organization Name: Hochschule Wilhelmshaven/Oldenburg/Elsfleth
• Organizational Unit Name: <none>
• Common Name: <Servername>
• Email-Address: <none>

Email the CSR to the HRZ and we will contact you and you can get the certificate from us.