Virginia Tech Certification Authority

Virginia Tech Middleware Application Certificates

Service Description

The Virginia Tech Middleware Application Certificate enables SSL authentication and encryption services for networked application servers such as LDAP or Portal. Application servers connecting to the Virginia Tech ED (Enterprise Directory) authentication and authorization services require a Middleware client certificate in order to communicate over a secured communication channel using SSL, or TLS protocols.

Procedure to submit a certificate signing request to the Virginia Tech Middleware CA:

  1. Generate a PKCS #10 CSR ( Certificate Signing Request ). The method used for generating a CSR varies depending on the application which will be using the SSL certificate. Please follow the directions provided with your application software to generate a CSR. If you are using OpenSSL to generate your CSR, please refer our OpenSSL instructions to help you generate your request.

    Your CSR Request MUST contain the following information:
    DC = edu
    DC = vt
    C = US
    ST = Virginia
    L = Blacksburg
    O = Virginia Polytechnic Institute and State University
    CN = Application Service Name

    The CSR should look something like:


    -----BEGIN CERTIFICATE REQUEST-----
    MIIBujCCASMCAQAwejELMAkGA1UEBhMCQ0ExEzARBgNVBAgTClRFc3QgU3RhdGUx
    ETAPBgNVBAcTCENvbG9yYWR0MRswGQYDVQQKExJDYW5hZGlhbiBUZXN0IE9yZy4x
    EjAQBgNVBAsTCU9VIE9mZmljZTESMBAGA1UEAxMJd3d3LmV4LmNhMIGfMA0GCSqG
    SIb3DQEBAQUAA4GNADCBiQKBgQD5PIij2FNa+Zfk1OHtptspcSBkfkfZ3jFxYA6y
    po3+YbQhO3PLTvNfQj9mhb0xWyvoNvL8Gnp1GUPgiw9GvRao603yHebgc2bioAKo
    TkWTmW+C8+Ka42wMVrgcW32rNYmDnDWOSBWWR1L1j1YkQBK1nQnQzV3U/h0mr+AS
    E/nV7wIDAQABoAAwDQYJKoZIhvcNAQEEBQADgYEAAAhxY1dcw6P8cDEDG4UiwB0D
    OoQnFb3WYVl7d4+6lfOtKfuL/Ep0blLWXQoVpOICF3gfAF6wcAbeg5MtiWwTwvXR
    tJ2jszsZbpOuIt0WU1+cCYivxuTi18CQNQrsrD4s2ZJytkzDTAcz1Nmiuh93eqYw
    +kydUyRYlOMEIomNFIQ=
    -----END CERTIFICATE REQUEST-----

  2. Submit your CSR to the Virginia Tech Middleware Certificate Authority following these instructions below: (NOTE: clicking on the previous link will cause a new window or tab to appear)

    • On the Certificate Request (pkcs#10) form, enter the certificate signing request and data as follows:
    • Click on the Browse button to select the file containing the CSR request which you created in the previous step.
    • Registration Authority: Trustcenter itself
    • Role: Middleware-Client
    • PIN: Supply a 10 character alpha-numeric PIN (will be needed if you would like to revoke the certificate later)
    • Re-type your PIN for confirmation: Supply the same 10 character alpha-numeric PIN
    • Click on the Continue button
    • Review the Certificate Confirm (pkcs#10) form. Follow the instructions provided to correct any errors. Click Continue to submit the request to the Middleware Certificate Authority.
    • On the Certificate Request Confirmation Page make a note of the certificate request serial number which has been assigned to your request.
  3. Mail or Fax a completed and signed Request Form and a ED Service Registration Form to:

    Mail: IRM
    IS&C Info Resource Mgt (0214)
    Tel: 540/231-4245
    Fax: 540/231-8649
    Please be sure to specify the certificate request serial number and application service name on the Request Form

  4. An email will be sent to you with instructions on how to retrieve your certificate within one or two business days after your Request Form has been received. If you encounter problems please contact IRM for assistance.
  5. To complete the installation and configuration of the application certificate, the CA certificates chain MUST also be installed on the server. Please refer to your server documentation on how to configure your application (or server) to use trusted CA chains. This step is not necessary if you have already installed the Virginia Tech Certification Authority Bundle. You can save the VTCA chain to a local file as follows:

    The certificate chain file contains the PEM encoded certificates for the Virginia Tech Root CA, the Virginia Tech Class 1 Server CA, and the Virginia Tech Middleware CA.


Last updated on May 13, 2008