SSL Certificate FAQs

SSL Certificate Frequently Asked Questions.

SSL Certificate Frequently Asked Questions

General
Requesting a Certificate
Installing a Certificate
Renewing a Certificate
  1. How soon can I renew an existing server certificate?
  2. When are renewal notices sent?

General

  1. Who can order an SSL certificate? 
    In general, any UW Madison faculty and staff can request a certificate.  Any questions about the veracity of the certificate signing request will be directed to the WiscNIC IT contact for that subnet.  The certificate requester must also agree to the following:
    • "I am responsible for running a service which uses this fully qualified domain name(s) and part of my responsibility as a employee of the UW Madison is to secure this domain. The sole purpose of my use of this certificate is for securing this domain(s) and not for malicious or other fraudulent purposes. If I suspect that the private key associated with this certificate is lost or compromised I will contact OCIS and seek immediate revocation."

  2. How much does a certificate cost? 
    The Office of Campus Information Security has absorbed the annual cost to issue SSL certificates.  At this time, there is no cost to campus units.

  3. How do I get support if I have a question or have trouble getting, ordering or installing a certificate? 
    This article details support options.

Requesting a Certificate

  1. What types of certificates can I order? 
    We've described the types of SSL certificates that we can issue here. Code signing and personal (user) certificates are also available.

  2. Can I use one certificate for multiple host names? 
    Yes, you can request a multi-domain certificate and include up to 100 subject alternative names (SAN) in the certificate.  A typical use of a SAN is to secure a web site called department.wisc.edu and include an alternate name of www.department.wisc.edu.
     
  3. Can I have a wildcard certificate, e.g..doit.wisc.edu, issued for a group of hosts? 
    Since there is no longer a cost to departments, the cost incentive to use wildcard certificates should be decreased.  Use of wildcard certificates does increase risk.  A department requesting a wildcard certificate must agree to the terms of service.

  4. Can I have an extended validation (EV) server certificate? 
    Yes, EV certificates are available in the InCommon/Comodo program but must be verified and ordered individually through Comodo.  It may take between 1-2 weeks to complete the EV certificate issuance process.

  5. My web server type isn't listed in drop down for web server type ... what should I select? or I selected the wrong web server type does this matter?
    This item is purely for statistical reporting and will not impact certificate generation. You can select anything from the drop down and processing will be the same.

Installing a Certificate

  1. Can I change certificate details, e.g. common name, of an existing certificate? 
    In order to change certificate content, you will need to submit a new CSR. Refer to Step One for Ordering a Server Certificate.

  2. What happens if I lose my private key, e.g. forget a password, corresponding to my certificate? 
    You will need to submit a new CSR. Refer to Step One for Ordering a Server Certificate.

  3. What happens if I did not receive the certificate via email or accidentally deleted it? 
    You can contact us to have the certificate information re-sent.

  4. Why do I get a "Certificate not trusted" error message after installing the certificate? 
    This is a common problem and is likely because you do not have the intermediate certificates installed on the server. See this article for why and how you need to install the intermediate certificates.

  5. How do I test that my certificates, including the intermediate certificate, is installed correctly? 
    This article describes how to test that the certificate trust chain is installed correctly.

  6. What is the Certificate trust chain for the InCommon certificates? 
    We've posted the root and intermediate certificates here and also included other commonly needed information about our organizationally and extended validation certificates.

Renewing a Certificate

  1. How soon can I renew an existing server certificate? 
    You can renew a certificate up to 90 days in advance of the certificate expiring. Please note that you will not lose any validly time when you renew.

  2. When are renewal notices sent? 
    Renewal notices are sent at 40, 30, 20, 10, 5, and 2 days out from expiration.




Keywords:server certificates ssl incommon comodo   Doc ID:18911
Owner:Michael G.Group:UW Digital ID
Created:2011-06-19 19:00 CDTUpdated:2016-07-18 15:09 CDT
Sites:DoIT Help Desk, DoIT Staff, Office of Campus Information Security, UW Digital ID
Feedback:  1   0