Virginia Tech Certification Authority

Virginia Tech SSL Server Certificates

Service Description

The Virginia Tech SSL Server Certificate enables SSL authentication and encryption services for networked application servers such as Web servers or E-mail. Application servers connecting to Virginia Tech computing resources where authentication and authorization services are required must use a digital certificate in order to communicate over a secured communication channel using SSL, or TLS protocols.

Procedure to enroll for a the Virginia Tech Class 1 Server certificate:

  1. Complete and submit the online request form at Request Approval to Enroll for VTCA Certificates. Note that you must submit a new request for approval to enroll each time a SSL server certificate is needed.
    • Select VT Class 1 Web Server or VT Class 1 Application Server in the drop down list provided to menu available Certificate Profiles.
  2. Mail or Fax a completed and signed Request Form to:

    Mail:
    Identity Management Services (0214)
    Tel: 540/231-4245
    Fax: 540/231-3583
    Please be sure to specify the Common Name of your server on the Request Form

    • An email will be sent to you with instructions on how to enroll for your certificate within one or two business days after your Request Form has been received. If you encounter problems please contact IMS for assistance.
  3. Follow the instructions provided in the email you receive to submit your CSR (Certificate Signing Request) using the web form at Enroll for VTCA Certificates.
    • When completing the enrollment web form, use the username provided in the email and the password that you created when you submitted your request for approval to enroll for a server certificate.
    • If you have received an email notification that your request has been approved but you do not remember your password, you can resubmit your online request for approval to enroll for a certificate and create a new password. You will receive another email notification after your request has been approved.
    • You will be required to upload a PEM- or DER-formated certification request file (CSR) or alternatively, you may simply paste a PEM-formated request into a text area on the enrollment web form.

      A PEM-formatted request is a BASE64 encoded certificate request starting with:
      -----BEGIN CERTIFICATE REQUEST-----
      and ending with
      -----END CERTIFICATE REQUEST-----

    • The method used for generating a CSR varies depending on the application which will be using the SSL server certificate. Please follow the directions provided with your application software to generate a CSR. When requested for keysize during CSR generation, please specify a key size of at least 2048 bits when generating your key pair.
    • The VTCA will ignore all DN attributes you specify in your CSR and instead will retrieve the DN attributes which you specified earlier in your "Request Approval to Enroll for VTCA Certificates" form to be used in the subject entry of the certficate being issued to you. As a result, there are no special requirements to include specific DN attributes in the CSR that you generate. You may provide default values for any DN attributes which your CSR generation program/utility may require you to specify. Only the public key component of your public/private key pair is extracted from the CSR when you upload it to enroll for your certificate.
    • If you are using OpenSSL, please refer to our OpenSSL instructions which have been provided as an example on how to generate a CSR.
  4. After uploading your CSR, your certificate will be issued immediately and will be available for you to download. The subject entry of your certificate will contain the following DN attributes which you provided in your request for approval to enroll for a VT certificate:

    CN = Your server name (e.g. servername.vt.edu)
    OU = Your department name (e.g. Budget and Financial Planning)
    O = Virginia Polytechnic Institute and State University
    L = Blacksburg
    ST = Virginia
    DC = vt
    DC = edu
    C = US

  5. You will receive a follow-up email that confirms your certificate has been issued and contains a link which can be used in the event you need to download your certificate again at some future time.
  6. To complete the installation and configuration of the server certificate, the CA certificates chain MUST also be installed on the server. Please refer to your server documentation on how to configure your application (or server) to use trusted CA chains. If you have not already installed the VTCA trusted CA chain, you can download a file containing the VTCA trusted chain as follows:

    The VTCA trusted CA chain file contains the PEM encoded certificates for the Virginia Tech Root CA, Virginia Tech Class 1 Server CA and the Virginia Tech Middleware CA.


Last updated on January 28, 2009