UWM Digital Certificate Service - FAQ
Where do I find common troubleshooting support?
Technical support and troubleshooting are provided by Comodo via email, a web ticketing system and telephone. Please see the bottom of the UWM Digital Certificate Service page for more information. InCommon also maintains a FAQ with additional information.
Where can I submit my CSR?
You will be prompted for your access code and UWM email address.
Why am I getting the error message "Unable to read the CSR. Please try again or contact support" when I try to submit my CSR to the InCommon Certificate Service?
The InCommon Certificate Service has stopped issuing certificates of less than 2048-bit key length and stopped accepting Certificate Signing Requests (CSRs) generated with keys of less than 2048 bits. You must use at least a 2048-bit key when generating your CSR.
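A pre-submission check for the key-length requirement above, as an added example that is not part of the UWM or InCommon documentation. It assumes the `openssl` command-line tool and RSA keys; the function names and the host names used with them are constructed for illustration.

```shell
#!/bin/sh
# Added example: check a CSR's RSA key length before submitting it.
MIN_BITS=2048   # minimum key length stated in the FAQ answer above

# Print the RSA key size (in bits) of the CSR in file $1.
# Returns 1 if openssl cannot parse the file or the key is not RSA.
csr_rsa_bits() {
    text=$(openssl req -in "$1" -noout -text 2>/dev/null) || return 1
    printf '%s\n' "$text" | grep -q 'Public Key Algorithm: rsaEncryption' || return 1
    printf '%s\n' "$text" |
        sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit).*/\1/p' | head -n 1
}

# Return 0 if the CSR meets the minimum, 1 if it is unreadable or not RSA,
# 2 if the key is shorter than MIN_BITS.
check_csr() {
    bits=$(csr_rsa_bits "$1") || bits=""
    if [ -z "$bits" ]; then
        echo "$1: not a readable RSA CSR" >&2
        return 1
    fi
    if [ "$bits" -lt "$MIN_BITS" ]; then
        echo "$1: $bits-bit key is below $MIN_BITS; generate a new key and CSR" >&2
        return 2
    fi
    echo "$1: $bits-bit RSA key, meets the minimum"
}

# Generate a new unencrypted RSA key of $1 bits and a CSR for host name $2
# (a constructed name in this example) in directory $3.
new_csr() {
    openssl req -new -newkey "rsa:$1" -nodes -sha256 -subj "/CN=$2" \
        -keyout "$3/$2.key" -out "$3/$2.csr" 2>/dev/null
}

# When run with a file argument, check that CSR.
if [ "$#" -gt 0 ]; then
    check_csr "$1"
fi
```

For example, `new_csr 2048 host.example.edu .` followed by `check_csr ./host.example.edu.csr` reports a 2048-bit key; a CSR built from a 1024-bit key makes `check_csr` return 2.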
Where can I re-download my certificate?
You will be prompted for:
- Your Certificate ID (which was in the email you received when your certificate was issued)
- SSL certificate format (select one of the following choices in a drop-down menu)
  - PKCS#7 Binary
  - PKCS#7 Base64
  - X509 Base64
  - X509 Base64 Certificate Only
  - X509 Base64 Intermediates Only
Where can I request a revocation of my certificate?
You will be prompted for the following information:
- Your Certificate ID: (included in the email you received when your certificate was ready)
- Passphrase: (The passphrase you entered when you requested your certificate)
- Comments: (Please mention why you want to revoke your certificate)
What kind of turnaround time can I expect?
Turnaround time will be 3 campus business days. Therefore, it is imperative that you plan accordingly. Certificates will not be approved outside of normal campus business hours.
Why is my cert only valid for one year?
Certificates are issued with a default term length of one year. Two- and three-year certificates are available upon request for production systems. Please include the request, along with a brief justification for the longer term length, in the comment field during CSR submission. RAOs and DRAOs will evaluate the validity of the request and reserve the right to deny term length requests. Test and development systems will only be issued one-year certificates.
Are wildcard certificates available?
Wildcard certificates, when compromised by attackers, have the potential to be far more damaging than standard SSL certificates, since they could be used to spoof any host in the domain of the wildcard, not just the FQDNs they are meant for. Wildcard certificates are not available through the UWM Certificate Service. For more information, please contact the UWM Identity and Access Management Team (IAM): http://www4.uwm.edu/iam/contact
Which domains are eligible for certificates?
All hostnames within UWM’s .edu domain and other domains owned by UWM are eligible for certificates through the InCommon agreement. This includes:
Do I have to use a certificate from the UWM Digital Certificate Service?
Yes -- The InCommon certificate service was acquired through UWM purchasing for the purpose of providing certificates for UWM-owned domains. There is a contract in place for its use. Other certificate services would be a duplication of the UWM Certificate Service and would not necessarily be acceptable under state purchasing rules. Note that in most instances you are not allowed to accept terms and conditions when using a state P-card.
- Visa Purchasing Card Program Cardholder Manual
- Purchasing Procedure 3.2.6 - Purchases Requiring Additional Approvals
Can I get a certificate for a host in a non-UWM domain?
Yes — as long as UWM owns the domain. To ensure the university's compliance with the InCommon agreement, requests for certificates outside of UWM.edu domains are subject to extra vetting and approval, by both the university and InCommon.
To begin your request, contact the UWM Identity and Access Management Team (IAM) specifying the domain to be added. The UWM IAM Team will initiate the process of validating the domain with InCommon. After the domain is validated, you can then request a certificate for a host in that domain through the normal channel.