Certificates: How to request a digital certificate for a web server


Note for University Departments regarding Payment Card Industry (PCI) compliance:

Princeton University is contractually obligated to comply with the Payment Card Industry's Data Security Standard for every system or business process that involves the acceptance of credit or debit card information for any purpose (e.g., the sale of goods or services, donations).  Any non-compliant system or business process can pose a financial and reputational risk to the University.  Therefore, no system or business process that collects credit and/or debit card information may be implemented without the approval of the Office of Finance and Treasury's Finance Technology area and the University's IT Security Officer.

Requesting a digital certificate for a web server

Complete the Digital Certificate Request Form

To request a certificate, you will need this information:

  1. Technical contact netID and email address
  2. Web Server Software
  3. Generate a Certificate Signing Request (CSR) on your web server and include it along with the rest of the required information. The key should be at least 2048 bits.
  4. The default certificate is good for 398 days. 

More Information About Generating a Certificate Signing Request (CSR)

Digital certificates make use of a technology called Public Key Cryptography (PKC). PKC uses Public and Private Key files. To begin the process of obtaining a web server certificate, you must generate a Private Key and Public Key pair on your web server. The Public Key part of the pair is also called the "Certificate Signing Request" (CSR). The CSR validates the computer-specific information about your web server and Organization when you request an InCommon web server certificate from OIT. The CSR is the key that must be submitted along with your request for a web server certificate.
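As an added example (not OIT's own procedure), here is one way to generate the key pair and CSR with OpenSSL on a Unix-like web server and check the result before submitting it: the CSR's self-signature must verify, the key must be at least 2048 bits, and the Common Name must match the host. The function names, file layout and subject values are assumptions made for illustration; substitute the values your organization specifies.

```shell
# Added example: create a private key and CSR with OpenSSL, then check the CSR.
# Subject values below are constructed placeholders, not real organization data.
# Usage: make_csr /secure/dir www.example.edu && check_csr /secure/dir/www.example.edu.csr www.example.edu

# make_csr DIR HOST [BITS]: writes DIR/HOST.key (private key) and DIR/HOST.csr
make_csr() {
    local dir="$1" host="$2" bits="${3:-2048}"
    local subj="/C=US/ST=Example State/L=Example City/O=Example Organization/OU=Example Unit/CN=${host}"
    (
        umask 077   # the private key must be readable only by its owner
        openssl req -new -newkey "rsa:${bits}" -nodes \
            -keyout "${dir}/${host}.key" -out "${dir}/${host}.csr" \
            -subj "$subj" 2>/dev/null
    )
}

# csr_key_bits FILE: prints the size in bits of the public key inside the CSR
csr_key_bits() {
    openssl req -in "$1" -noout -text |
        sed -n 's/.*Public-Key: (\([0-9]*\) bit.*/\1/p'
}

# check_csr FILE EXPECTED_CN: returns 0 only if the CSR is fit to submit
check_csr() {
    local csr="$1" cn="$2" bits got
    # The CSR is signed with the private key; a failed check means the file
    # was damaged or altered after it was generated.
    openssl req -in "$csr" -noout -verify 2>&1 | grep -q "verify OK" ||
        { echo "CSR self-signature does not verify"; return 1; }
    bits=$(csr_key_bits "$csr")
    [ "${bits:-0}" -ge 2048 ] ||
        { echo "key too small: ${bits:-unknown} bits"; return 1; }
    # CN is the last subject component, so strip everything before it.
    got=$(openssl req -in "$csr" -noout -subject | sed -n 's/.*CN *= *//p')
    [ "$got" = "$cn" ] ||
        { echo "Common Name is '$got', expected '$cn'"; return 1; }
    echo "ok: ${bits}-bit key, CN=${cn}"
}
```

Only the `.csr` file is submitted with the request; the `.key` file stays on the web server.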

The CSR (or Public Key) and the Private Key must be generated as a pair. In certain web server software platforms like Microsoft IIS, both are generated simultaneously through the Wizard on the web server. To generate the Private Key and CSR pair on the web server, you will be prompted to enter information about your organization, typically Organization Name, Organizational Unit, Country Code, State, Locality, and Common Name (name of the host). For Princeton, these values are: