Article: vtkb2850.htm
Difficulty: Difficult
Time to Complete (minutes): 60+
Last Updated: May 14, 2008

This knowledge base article is a work in progress. Please read the Draft Form Disclaimer below*


Question:

How do I request a Virginia Tech Middleware Client Certificate?

Answer:

  1. Generate a PKCS #10 Certificate Signing Request (CSR). Follow the directions provided with your application software.
    Notes:
    • If you are using OpenSSL, you may download an OpenSSL Configuration File to format your Middleware CSR properly.
    • If you are using OpenSSL to generate your CSR, refer to Generating a Certificate Signing Request (CSR) Using OpenSSL (http://answers.vt.edu/ask4help/connection/vtkb2851.htm).
    • Your CSR must contain the following information:
      • DC=edu
      • DC=vt
      • C=US
      • ST=Virginia
      • L=Blacksburg
      • O=Virginia Polytechnic Institute and State University
      • OU=Your Department's Name
      • CN=Your Server's Name
    Example:
    -----BEGIN CERTIFICATE REQUEST-----
    MIIBujCCASMCAQAwejELMAkGA1UEBhMCQ0ExEzARBgNVBAgTClRFc3QgU3RhdGUx
    ETAPBgNVBAcTCENvbG9yYWR0MRswGQYDVQQKExJDYW5hZGlhbiBUZXN0IE9yZy4x
    EjAQBgNVBAsTCU9VIE9mZmljZTESMBAGA1UEAxMJd3d3LmV4LmNhMIGfMA0GCSqG
    SIb3DQEBAQUAA4GNADCBiQKBgQD5PIij2FNa+Zfk1OHtptspcSBkfkfZ3jFxYA6y
    po3+YbQhO3PLTvNfQj9mhb0xWyvoNvL8Gnp1GUPgiw9GvRao603yHebgc2bioAKo
    TkWTmW+C8+Ka42wMVrgcW32rNYmDnDWOSBWWR1L1j1YkQBK1nQnQzV3U/h0mr+AS
    E/nV7wIDAQABoAAwDQYJKoZIhvcNAQEEBQADgYEAAAhxY1dcw6P8cDEDG4UiwB0D
    OoQnFb3WYVl7d4+6lfOtKfuL/Ep0blLWXQoVpOICF3gfAF6wcAbeg5MtiWwTwvXR
    tJ2jszsZbpOuIt0WU1+cCYivxuTi18CQNQrsrD4s2ZJytkzDTAcz1Nmiuh93eqYw
    +kydUyRYlOMEIomNFIQ=
    -----END CERTIFICATE REQUEST-----
  2. Go to the Certificate Request page (https://ra.eprov.iad.vt.edu/cgi-bin/ra/091/vtc1sra/pub/pki?cmd=pkcs10_req).
  3. Click the Browse button.
  4. Select the file containing the CSR you created.
  5. From the Registration Authority drop down list, select Trustcenter Itself.
  6. From the Role drop-down list, select Middleware-Client.
  7. In the PIN text box, type: a 10-character password to use when verifying the certification request.
  8. In the Re-type Your PIN for Confirmation text box, type your chosen PIN again.
  9. Click the Continue button.
  10. Review the Certificate Confirm form.
  11. To submit your request, click the Continue button.
  12. Make note of the certificate request serial number that has been assigned to your request.
  13. Fill out the VT Middleware CA Client Certificate Request form (http://www.pki.vt.edu/subscriber/MiddlewareCertRequest.pdf).
    Important:
    • Your department head must sign the request form.
    • Be sure to specify the certificate request serial number and application service name on the request form.
  14. Mail your certificate request form to: IRM, mail code 0214
    Important: IRM will not issue a certificate until they have received a paper copy of the request form with the proper signatures.
  15. Within two business days, you will receive an e-mail message with instructions on how to retrieve your certificate.
  16. To complete the installation of your certificate, install the CA certificate chain on your server. Refer to your server documentation on how to configure your application or server to use trusted CA chains. To save the VTCA chain to a local file, follow the appropriate instruction below:


*4Help believes the information contained in this solution to be correct and free from errors. However, this solution is still in draft form and may not be final or accurate. Use these instructions at your own risk. If you do find errors, please contact 4Help using the Help Request Form, making sure to include the filename listed at the top of the page.