Getting SSL/TLS: Difference between revisions

From ULYSSIS documentation
(Created page with "ULYSSIS does not sell or offer any other SSL certificates than our self-signed certificate. We will however guide request and install a certificate from the KU Leuven is you a...")
 
No edit summary
Line 1: Line 1:
ULYSSIS does not sell or offer any other SSL certificates than our self-signed certificate. We will however guide request and install a certificate from the KU Leuven is you are eligible for one, and we will also install certificates you have bought elsewhere.
ULYSSIS does not sell or offer any other SSL certificates than our self-signed certificate. We will however guide requests and install a certificate from the KU Leuven is you are eligible for one, and we will also install certificates you have bought elsewhere.


==Requesting SSL from the KU Leuven==
==Requesting SSL from the KU Leuven==

Revision as of 13:48, 14 August 2014

ULYSSIS does not sell or offer any other SSL certificates than our self-signed certificate. We will however guide requests and install a certificate from the KU Leuven is you are eligible for one, and we will also install certificates you have bought elsewhere.

Requesting SSL from the KU Leuven

The KU Leuven partners with other universities to use free SSL for its services, organisations and employees. We have permission to request SSL for Student Unions recognized by LOKO or another official body. Organisations are required to be recognized by LOKO or another official body and need to supply a reasoning why they need SSL. Individual users can request SSL but ICTS will only grant permission with elaborate reasoning.

Before sending us a request the following steps have to be done:

  • Setup the site that needs SSL
  • Change the domain's organisation-attribute to Katholieke Universiteit Leuven or KU Leuven
  • Create a forwarder from hostmaster@yourdomain.tld to ulyssis@ulyssis.org

Then you can send an email to ulyssis@ulyssis.org containing your name, the name of the organisation, what you will use SSL for and the domain and if needed a list of subdomains.

We will then generate the required cryptographic key and request and submit them with ICTS. It usually takes a few days before they have had time to verify both the domain and then the request for SSL itself. As soon as ICTS approves the request we will install the certificate and notify you.

External certificates

To install external certificates we require the certificate itself, the private key, and possibly the chain. We prefer you also send us (a link to) the documentation of your supplier. As certificate files, especially private keys, are a delicate matter we suggest you just email us the path in your homedirectory you've put them and we will move them over to the webserver safely. For more information concerning this procedure you can always contact us on ulyssis@ulyssis.org