California Department of Technology

SECURE CERTIFICATE SUBMITTAL INSTRUCTION

Issued: 1/14/2013    Tech. Ref. No. 01.05.884

1.0 GENERAL

1.1 SUMMARY

The Department of Technology (CDT) provides Symantec Corporation Secure Sockets Layer (SSL) certificates to customers. In order to manage the certificates consistently, the Secure Certificate Submittal must be properly completed. This instruction provides details of the submittal.

1.2 REFERENCES

IDENTIFIER / DATE / NAME
01.05.884 / 2012 / Secure Certificate Submittal
01.05.884 / 2012 / Secure Certificate Guideline
email / - / mailto:
website / - / Generating a Certificate Signing Request (CSR)
website / - / CDT Contact Information
website / - / CDT Service Request

2.0 INSTRUCTION

The Secure Certificate Submittal will be utilized to collect certificate specifications. In order to successfully complete the submittal, please identify the following certificate information.

  1. Certificate Renewal
     Check this box if the request is a renewal of an existing CDT certificate.
  2. URL / Common Name
     Uniform Resource Locator; pointer to a resource on the World Wide Web. Example: dts.ca.gov. List all URLs for SAN (Subject Alternative Name) certificates and indicate the primary URL.
  3. Email Address(es)
     Contact email for this certificate. Preferably a distribution list or multiple individual addresses to avoid missed communications.
  4. Number of Servers
     The number of servers associated with each common name. Multiple servers are possible where servers utilize a load balancer or Internet proxy.
  5. Server Application
     A drop-down menu is provided to indicate the server application that will be hosting the certificate.
  6. Installer
     A drop-down menu is provided to indicate who will be performing the certificate installation. CDT is able to perform end-to-end certificate services for CDT hosted customers subscribing to be supported. If not supported, please provide your name/organization in this field.
  7. *IP Address(es)
     Indicate all CDT managed sites with IP addresses that will contain the certificate(s).
  8. Number of Years
     A drop-down menu is provided to indicate how many years this certificate will be valid. There is a 2 year maximum.
  9. Department/Unit Name
     Indicate the department and unit that the certificate(s) will be associated with/listed under.
  10. Technical Contact
     Indicate a technical contact.
  11. Preferred Implementation Date
     If no date is specified, CDT will process the request in accordance with standard processing procedures.

*This information may not be known at the time of Submittal completion and will be asked for at the time of installation.

3.0 INSTRUCTION: CERTIFICATE SIGNING REQUEST (CSR) GENERATION

The following applies ONLY in the event that a Customer is performing the certificate installation on a non-managed server. Certificate criteria must be valid, meet Symantec security requirements, and be entered correctly.

The client must create the initial Certificate Request (CSR) file from the server and attach the file to the CDT Service Request. If multiple servers are involved, only one CSR is required per common name.

For assistance with creating the request, Symantec provides instructions in Generating a Certificate Signing Request (CSR). It is critical that the CDT certificate information listed below be used or Symantec will reject the CSR file.

Items in bold red must be entered EXACTLY as shown (they are case-sensitive) during creation of the CSR file. Confirm that values entered in the CSR contain no spaces at the beginning or end. Invalid values in the Certificate Signing Request may delay processing.

  1. Create the Certificate Signing Request file from the client server.
  2. Select/enter 2048-bit key length (minimum level).
  3. Common Name / Top-level Domain Name (this is the fully qualified domain name registered in DNS for an authorized state domain. Example: dts.ca.gov). For SAN certificates, please indicate the primary URL here.
  4. Organization: State of California
  5. Organizational Unit: (Example: EDD or DMV)
  6. Locality: Rancho Cordova
  7. State/Province (no abbreviation): California
  8. Country (2-letter code, no punctuation): US
  9. Attach the created CSR text file to the Remedy Service Request (SR) only if the certificate is Customer managed.
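
The CSR steps above, as an added example (not CDT's or Symantec's own tooling): shell functions that generate a 2048-bit CSR with the subject values from steps 4 to 8, then re-read the file and report any field that does not match exactly, including stray leading or trailing spaces. Use of the OpenSSL command line is an assumption (the page names no tool); the function names and output file prefix are hypothetical, and dts.ca.gov and EDD are the page's own example values.

```shell
#!/bin/sh
# Added example: create a CSR and pre-check it against section 3.0 before submittal.
# Assumes the OpenSSL CLI. Usage (hypothetical file prefix): sh csr.sh dts.ca.gov EDD dts

# make_csr CN OU PREFIX -> writes PREFIX.key (unencrypted private key) and PREFIX.csr
make_csr() {
    ( umask 077   # keep the private key unreadable to other local users
      openssl req -new -newkey rsa:2048 -nodes \
          -keyout "$3.key" -out "$3.csr" \
          -subj "/C=US/ST=California/L=Rancho Cordova/O=State of California/OU=$2/CN=$1" \
          2>/dev/null )
}

# check_fields O L ST C BITS -> prints each mismatch, returns non-zero if any.
# Comparison is exact: case-sensitive, and surrounding spaces count as a mismatch.
check_fields() {
    rc=0
    [ "$1" = "State of California" ] || { echo "Organization is '$1'"; rc=1; }
    [ "$2" = "Rancho Cordova" ]      || { echo "Locality is '$2'"; rc=1; }
    [ "$3" = "California" ]          || { echo "State/Province is '$3'"; rc=1; }
    [ "$4" = "US" ]                  || { echo "Country is '$4'"; rc=1; }
    [ "${5:-0}" -ge 2048 ]           || { echo "Key length is '$5' bits"; rc=1; }
    return $rc
}

# field CSR LONGNAME -> the value as stored in the CSR, stray spaces preserved
field() {
    openssl req -in "$1" -noout -subject -nameopt multiline |
        sed -n "s/^ *$2 *= //p"
}

# check_csr CSR -> runs check_fields on what the CSR file actually contains
check_csr() {
    bits=$(openssl req -in "$1" -noout -text |
           sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p')
    check_fields "$(field "$1" organizationName)" "$(field "$1" localityName)" \
                 "$(field "$1" stateOrProvinceName)" "$(field "$1" countryName)" "$bits"
}

# Run only when called with CN, OU and an output prefix.
if [ "$#" -eq 3 ]; then
    make_csr "$1" "$2" "$3" && check_csr "$3.csr" && echo "CSR matches section 3.0"
fi
```

Only the .csr file is attached to the Service Request; the .key file stays on the server that will host the certificate.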

01.05.885 - SECURE CERTIFICATE SUBMITTAL INSTRUCTION
