(DC) [CertMgr] Certificate Request (New)
Description
The articles describes using the Sectigo / InCommon Certificate Manager to generate a new SSL Certificate based on a provided Certificate Signing Request and other required information from the customer in a service ticket.
If a certificate is download in one format, it can be easily converted to other formats. Please refer to: (DC) Certificate Format Conversion
Table of Contents
Step to request certificate(s)
Prerequisite
Ensure that all information necessary to process a certificate is included in the request. Refer to: (DC) What to include in a request
Process
Login into the Sectigo / InCommon Certificate Authority Certificate Manager.
(DC) [CertMgr] Logging into Certificate ManagerLocate the
(hamburger menu icon) and click to expose the navigation menu. Locate "Certificates", click the down arrow, click it to expose and click "SSL Certificates".
A list of certificates will appear. Locate the following icons (list options).
Click the filter icon (
) and click it.
Under the "Group By", choose "Requester".
Click
Under the "Add Filter" choose "Common Name". Type in the FQDN, domain name, or certificate common name (it has various names) into the field. You can use partial word searches, you do not need to type in the entire FQDN.
Click + Add Filter.
The list will now update with common names that match you filter criteria. You should see something like below.
Locate the ADD (
) button and click it. You should see the following:
Select "Using a Certificate Signing Request (CSR)". Click Next .
Please note that the other options "Generation of CSR", "Generation of CSR with Auto Installation" and "Generations of CSR in Azure Key Vault" are not supported. DO NOT choose any of these options.
A request form will appear:
Fill in the appropriate fields. Most fields will be auto-populated and this should NOT be changed unless you know exactly what you are doing.
Certificate Profile:
For standard certificates (without SAN, wildcard, or EV requirement) choose: InCommon SSL (SHA-2) → may be changing to InCommon SSL Single General Profile
For certificates with SANs, choose: InCommon SSL Multi Domain General Profile
For wildcard certificates, choose: InCommon SSL Wildcard Certificate
For all other certificates, please consult with tier-2 support.
Certificate Term Length: Choose from 1-year (365 days) or 398 days (1-year + 1 month).
Comments: optional, add anything relevant.
Notifications: The GROUP email address should be placed here.
Click Next.
Paste the CSR from the file provided by the customer / requester.
You can also click the upload () button to upload the CSR from a file on your computer.
Click Next.
Update the request regarding domains.
If this a standard certificate (" InCommon SSL (SHA-2)"), then only the domain verification appears.
If the certificate profile was "InCommon Multi Domain SSL (SHA-2)", then you are given thew option to update any changes to the SANs list. If SANs entries were part of the CSR, they are populated here.
Click Next.
In the next option, ensure the "Enable Auto-Renew" feature is DISABLED . This feature is NOT supported.
Go back and forth through the pages to ensure all information is correct, then proceed to the last page and click "OK". The certificate will be generated.
If the "Request New SSL Certificate" window does not close, you will need to click the CLOSE button.
At this point, the certificate processing has begun. If the filter you used above is still in place, you will see a new line appear in the list of certificates matching the filter (which the new one will), and should have the status of "Requested" and will soon change to "Issued".
Once the status is issued, you can proceed to download / retrieve the certificate: (DC) [CertMgr] Certificate Download