Overview
A digital certificate is an electronic signature that establishes your credentials when doing business or other transactions on the web. They can also be used to help encrypt network traffic between computers.
Digital certificates are issued by a certification authority (CA). They can can contain your name, identification number, expiration dates, a copy of the certificate holder's public key (used for encrypting messages and digital signatures), and the digital signature of the certificate-issuing authority. The digital signature enables the recipient to verify that the certificate is real.
The University provides InCommon digital certificates to faculty, staff and departments for accessing computer services that require them. Digital certificates are available for computer workstations as well as servers.
For Your Computer
Go to Manage My Account, click on Apply for Digital Certificate, and follow the instructions.
For Servers
Only University faculty or staff with a primary University Computing Account may request certificates. Certificates are provided by InCommon with Sectigo as the issuing Certificate Authority.
Certificates are currently available for the domain pitt.edu. Additional domains can be added if the domain is hosted in the University DNS servers. If you want to add an additional domain, please contact the Technology Help Desk. Requests for additional domains may take three to four weeks to process.
Complete the following steps to apply for a certificate:
1. Generate a Certificate Signing Request (CSR) on the server by visiting https://cert-manager.com/customer/InCommon/ssl?action=enroll
2. Enter your University email address to receive the authentication email.
3. Go to your email and click Confirm Authentication Request
4. Enter the case-sensitive access code: UPitt
5. Click the "Submit" button.
6. Paste the CSR into the textbox on the form.
7. Click the "Get Common Name from CSR" button.
8. Select the Certificate type. For a single hostname, select the "InCommon SSL (SHA-2) " option for SHA-2. For more than one hostname, select the "InCommon Multi Domain SSL" option and enter all of the hostnames in the "Subject Alternative Names" field.
9. Select your Server Type.
10. The certificate term should be 1 year.
11. Enter and verify a pass-phrase for the certificate.
12. In the "Comments" field, enter a brief description of the use for the certificate.
13. Click the "Submit" button.
After your request has been submitted, either the Help Desk or Pitt IT Security will review the request, approve or deny it, and then notify you via email. Approved requests are forwarded to Sectigo, who will issue the certificate within 72 hours. You will then receive an email from Sectigo with instructions explaining how to download the new certificate.
If you have any questions, please contact the Technology Help Desk at 412 624-HELP [4357] or submit a request.