Page content
Section menu
Main menu
Associative links
Stel uw voorkeurstalen in op Nederlands, Engels Set your preferred languages to only English advanced|
Page content:
English | Nederlands

Server certificates


If you want to use a Comodo signed server certificate you must satisfy the following conditions:

  • The request for the certificate applies to a computer located within the University of Groningen and it must have a RUG-net IP address (address starts with 129.125).
  • The applicant is known to at least one of the University employees authorized to issue certificates (so-called RUG-CAs):
    Anke Breeuwsma 050 363 9224
    Frank B. Brokken 050 363 9281
    Hopko Meijering 050 363 9257
  • You must fill in the server certificate application form to request a certificate. SSL certificates for web servers located within the University are free of charge.
  • The form will be checked by one of the RUG-CAs. This includes:
    • A check for correctness of the data
    • After verification the request is presented to SURFnet/Terena/Comodo
    • The processing by SURFnet/Terena/Comodo takes about one week. As soon as the certificate is available you will receive a message from your RUG-CA.
  • The RUG-CA will give you two files: a private key and a Comodo signed certificate. The privacy of the private key is vulnerable and must be installed in such a way on your computer that only the system manager (root on Unix systems) can read the file. Anyone may read the certificate, but your web server must be included.
  • It's possible to request a certificate with your own Certificate Request. Use the  ''Server Certifcaat' aanvragen bij een al beschikbaar 'Certificate Request' form.
  • Be aware: If you need a wildcard certificate you'll have to put the wildcard in the 'Subject Alternative Name' , like this:          

          CN = subdomain.rug.nl       (no star in the CN)
          SAN = *.subdomain.rug.nl    (a star in the SubjAltName)

  • Due to the vulnerability of the private key it cannot be sent to you by e-mail unless you are using GPG/PGP and your GPG/PGP public key is known by your RUG-CA.
  • If you are not yet using GPG perhaps this is the moment to do so. Until you do so it is not possible to send GPG-encrypted e-mails and the RUG-CA will have to personally give you the certificate and the private key. You must identify yourself and you should bring a suitable transport medium (for example a USB memory stick).

Please contact the Security Manager or the RUG-CAs for more information about this page.

Last modified:September 19, 2011 13:53
Associative links:
Cybersafe yourself
Cybersafe yourself
Campus event SURFspot
Campus event SURFspot
CIT
CIT
Wireless internet
Wireless internet
Questions and answers
Questions and answers

About...

Also see
Acceptable Use Policy
Security alerts
 
Current section:

Security

Section menu:
 
Home RUG   Current Students   ICT   Security