en:tp:certificates:servercert
Table of Contents
Server certificates
Variables:
- <server name>: The server name including domain, e.g. server1.hs-woe.de.
- <date>: The date in ISO format, e.g. 20220326.
Public server certificates
create CSR
# Create folder <server name> and change to folder mkdir <server name> cd <Servername> # # create Key openssl genrsa -out GEANT_OV_RSA_CA_4-<Servername>-<date>-key.pem 4096 # # CSR erzeugen openssl req -new -key GEANT_OV_RSA_CA_4-<Servername>-<date>-key.pem -out GEANT_OV_RSA_CA_4-<Servername>-<date>-csr.pem
- Country Name: DE
- State or Province Name: Niedersachsen
- Locality Name: Wilhelmshaven (or Oldenburg or Elsfleth)
- Organization Name: Hochschule Wilhelmshaven/Oldenburg/Elsfleth
- Organizational Unit Name: <keine>
- Common Name: <Servername>
- Email-Address: <none>
Apply for certificate
Sectigo Certificate Manager: JADE-HS Server Certificate (SSO)
- Click on “Or Sign In With - Your Institution” at the bottom of the page.
- Select the “Jade Hochschule” as institution
- Log in with your user data of the Jade University of Applied Sciences
- In the “SSL Certificate Enrollment” window, check / complete the details.
- Email: Your email address
- Certificate Profile: OV Multi-Domain
- Certificate Term: 1 Year
- CSR: Upload the previously generated CSR here.
- Common Name: check the server name here
- Renew: If the certificate is to be renewed automatically, activate “Auto renew” and select the number of days before the certificate expires.
- Subject Alternative Names: Add additional SANs here if necessary.
- Annual Renewal Passphrase: Enter a password to renew the certificate.
- Confirm Annual Renewal Passphrase: Repeat the password to renew the certificate.
- External Requester: <no entry>.
- Comments: Notes about this server certificate
- Click the “Enroll” button to finish the process
Download certificate
Download the desired certificate from the e-mail and rename it:
- nginx mit extra CA-File: Certificate only
- Apache & nginx: Certificate (w/ issuer after)
- Microsoft IIS: PKCS#7 (<Servername>.p7b)
# Certificate only GEANT_OV_RSA_CA_4-<Servername>-<date>-crt.pem # # Certificate (w/ issuer after) GEANT_OV_RSA_CA_4-<Servername>-<date>-crt+chain.pem # # PKCS#7 GEANT_OV_RSA_CA_4-<Servername>-<date>.p7b
Internal server certificates
create CSR
# Create <server name> folder and change to it mkdir <Servername> cd <Servername> # # create Key openssl genrsa -out HS-WOE_Certificate_Authority_META-<Servername>-<date>-key.pem 4096 # # CSR erzeugen openssl req -new -key HS-WOE_Certificate_Authority_META-<Servername>-<date>-key.pem -out HS-WOE_Certificate_Authority_META-<Servername>-<date>-csr.pem
- Country Name: DE
- State or Province Name: Niedersachsen
- Locality Name: Wilhelmshaven (or Oldenburg or Elsfleth)
- Organization Name: Hochschule Wilhelmshaven/Oldenburg/Elsfleth
- Organizational Unit Name: <none>
- Common Name: <Servername>
- Email-Address: <none>
META CA: Send the CSR with the name HS-WOE_Certificate_Authority_META-<Servername>-<Date>-csr.pem by e-mail to the HRZ. You will then receive the certificate from us immediately.
en/tp/certificates/servercert.txt · Last modified: 2022/09/30 11:37 by gu1111