Versions Compared

Old Version 4

changes.mady.by.user Kent Engström

Saved on

compared with

New Version 5

changes.mady.by.user Kent Engström

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Logged in as an administrator, go to Certificates → Requests, select the pending request, and FIXME!

Managing Certificates

How do we manage existing certificates?

Logged in as an administrator, use Certificates → Orders and select the certificate. You will find buttons for downloading, reissuing and revoking the certificate.

Customizing

Can we limit the certificate types our users can order?

Yes! Logged in as an administrator, use Settings → Limit Products. Then enable Use My Own Setttings and Use this setting for my division and any subdivisions, and disable Allow subdivisions to override this setting.

Enable Restrict the products that users with different roles can order and disable all the product types you want to remove under the Administrator heading. Then click on the User heading and do the same there. Finally, use Save Settings.

Certificate Chaining

How do we get the certificate chain?

It is included together with the certificate and instructions in the email the requester gets (and that you can download via Certificates → Orders as discussed above).

Are the chain and root certificates the same as for the Comodo generation of the service?

No, they are different. Do not reuse your saved files from the Comodo system.

How do we check if the server sends a good certificate chain?

You could use openssl s_client -connect nim.nsc.liu.se:443 (replacing nim.nsc.liu.se with your address). You then have to check the lines following "Certificate chain" in the output to see that it contains more than the server certificate. The following is an OK example for an EV certificate:

Certificate chain
 0 s:/businessCategory=Private Organization/1.3.6.1.4.1.311.60.2.1.3=SE/serialNumber=1970/street=M\xC3\xA4ster Mattias V\xC3\xA4g/postalCode=583 30/C=SE/ST=\xC3\x96sterg\xC3\xB6tland/L=Link\xC3\xB6ping/O=Link\xC3\xB6pings University/OU=NSC/CN=nim.nsc.liu.se
   i:/C=NL/ST=Noord-Holland/L=Amsterdam/O=TERENA/CN=TERENA SSL High Assurance CA 3
 1 s:/C=NL/ST=Noord-Holland/L=Amsterdam/O=TERENA/CN=TERENA SSL High Assurance CA 3
   i:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance EV Root CA