Digital Certificate Services

To request a free digital certificate please visit the IPSCA SSL Web Server Certificate Enrollment Form. The 2-year education ones are free.

For certificates with a higher level of assurance, Information Technology Services and Security (formerly DCS) at MTU has a license to provide digital certificates from GeoTrust through GeoTrust's GeoCenter. The current cost of a certificate that will last for one (1) year is $200.00 USD and for two (2) years is $319.00 USD. After your request is processed, please send an account number to be used by ITSS for interaccount billing to dcscertadmin@mtu.edu.

To request a digital certificate from GeoTrust please visit the MTU Public Ordering URL.

When you go to this page you should already have a Certificate Signing Request (CSR). If you don't have a CSR, please visit http://www.it.mtu.edu/dcs/digital_certs/gen_csr.html for terse instructions on how to generate a private key and CSR using OpenSSL. Please note that GeoTrust does have instructions on their web site on how to do this at http://www.geotrust.com/true_businessid/order/csr.htm. The most common choice will probably be Apache + MODSSL.

You will then just follow the instructions. Some caveats follow:

  1. If your certificate is expired or expiring in under one month you can not take advantage of the "Competitive Replacement".

  2. Please choose a "Validity Period" of 1 or 2 years.

  3. Under "Site Administrator" please put:
    First Name: Todd
    Last Name: Piket
    Phone Number: 906-487-1720
    Email: dcscertadmin@mtu.edu

    The dcscertadmin@mtu.edu email address is an RT queue.

  4. The Organization Name to use in your CSR is always Michigan Technological University

  5. Please note the licensing has changed a bit. The licensing verbage from GeoTrust:

    "Regardless of whether SSL session data terminates at or before the Web server, if the SSL accelerator contains a certificate pointing to multiple servers, the customer must use the Licensed Certificate Option to purchase additional licenses for each additional server the SSL accelerator is pointing to in the server farm."

    If you use load balancing or any kind of clustering for your secured servers you will probably need multiple licenses for the same certificate. This licensing model occurs across all major vendors. An example is email.mtu.edu. It is a single hostname, but IMAPS requests go to one of four servers. Even though the SSL/TLS connection stops at the load balancer we need 4 licenses for the email.mtu.edu certificate, one for each server that could answer.

line
Office of Information Technology Information Technology Services and Security Comments to: itss @ mtu.edu Updated: 6/2008