Service Desk Knowledgebase: Certificates

From Computer Laboratory System Administration


This is the Certificates content page of the CL Wiki Service Desk Knowledgebase. Its purpose is to provide information to the Service Desk team on how to handle problems and requests about this CL service. If you are involved with the provision of this CL service please feel free to add to the knowledge about it.

If CL staff need to tell the Service Desk team about problems with this service please email
sys-admin-aside@cl.cam.ac.uk.

Return to the Service Desk Knowledgebase SERVICE PORTFOLIO

Key Service Description & URLs

CL Customer Documentation

Further CL Sys-Admin Resources

Underpinning Services

  • None

Customer-base for this Service

  • All staff and research students of the Computer Laboratory

Costs

  • Free to all current staff and research students of the Computer Laboratory

SLA

  • N/A

Service Desk Call Handling Procedure

  • RT tickets can be escalated by changing the Queue to backoffice with the Owner set to Nobody and the Status as new. Tell the requestor:
    I am passing this request over to the experts who, I'm sure, will be in contact shortly.

Certificate Requests

We should handle certificate requests and generate the CSR ourselves rather than ask users to do it: it is a bit fiddly and they often get the details wrong, resulting in too many iterations. On Windows it is easy for a single machine but difficult for requests with Subject Alternative Names (SANs) added.

Procedures are documented on the CL Wiki, using the email address sys-admin@cl.cam.ac.uk for any correspondence.

And after the private key is created:

1. Copy the private key file (.pem) to the requestor's home directory, adding the date to avoid filename clashes, using:
sudo cp cdn-dtg.pem /homes/ipd21/2015-02-16.cdn-dtg.pem

2. Make sure only that person can read it, as this is the file that proves the site is what it claims to be, using:
sudo chmod 600 /homes/ipd21/2015-02-16.cdn-dtg.pem
then
sudo chown ipd21:ipd21 /homes/ipd21/2015-02-16.cdn-dtg.pem

3. In the RT ticket, tell the person it is there and that we'll pass on the certificate when we have it from the UIS.

4. Pass on the certificate to the requestor when it arrives from the UIS into RT.
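
Steps 1 and 2 as a single shell function, given here as an added example and not the CL's own procedure or script: the copy is made under umask 077 so the file never has group or other permission bits, and the result is checked before the path is reported. The function names deliver_key and verify_key and the four-argument form are assumptions of this example.

```sh
#!/bin/sh
# Added example, not the CL procedure itself. Function names are hypothetical.

# verify_key PATH OWNER
# Succeeds only if PATH is a regular file (not a symlink), mode exactly 600,
# owned by OWNER (user name or numeric uid).
verify_key() {
    if [ -L "$1" ] || [ ! -f "$1" ]; then
        return 1
    fi
    [ -n "$(find "$1" -perm 600 -user "$2")" ]
}

# deliver_key SRC HOME_DIR OWNER GROUP
# Copies SRC to HOME_DIR/YYYY-MM-DD.<basename of SRC> and prints that path.
# Run it under sudo when OWNER is not the calling user, as in steps 1 and 2.
deliver_key() {
    src=$1 home=$2 owner=$3 group=$4
    dest="$home/$(date +%Y-%m-%d).$(basename "$src")"
    # The date prefix exists to avoid clashes, so never overwrite anything,
    # including a symlink, that is already at the destination.
    if [ -e "$dest" ] || [ -L "$dest" ]; then
        echo "refusing to overwrite $dest" >&2
        return 1
    fi
    # umask 077 in a subshell: the copy is created with no group/other bits,
    # whatever the mode of SRC, and the caller's umask is left alone.
    ( umask 077 && cp "$src" "$dest" ) || return 1
    chmod 600 "$dest" || return 1
    chown "$owner:$group" "$dest" || return 1
    # Fail loudly if the result is not what step 2 requires.
    verify_key "$dest" "$owner" || return 1
    printf '%s\n' "$dest"
}
```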

Contacts

Primary


Other

Availability

  • N/A

Hints, Tips & Known Issues

Janet Certificate Service: SSL certificate expiry notice for ServerName

Graham Titmus (27/01/15)

You may receive email from JANET warning that a certificate is due to expire shortly. However, certificates are often replaced early. Check the certificate by using IE to go to the web server, clicking the padlock next to the URL and viewing the certificate to check the expiry date. If it's later than JANET think, the ticket can be Resolved with an appropriate comment. If it is due to expire soon, follow the escalation route.


Categorising Keywords

  • A categorization or service type