Channel: Windows Server Archives - TechDirectArchive

Generate CSR and Request a Certificate from HARICA

Harica cert request and CSR

HARICA is a globally trusted third party that actively participates in all major global Root CA trust programs, including 360, Adobe, Apple, Microsoft, Mozilla, and Oracle. It operates as a trust anchor in widely used application software and operating systems such as Adobe, Apple, Google, Microsoft, Mozilla, Linux, and Oracle Java. In this article, we shall discuss how to generate a CSR and request a certificate from HARICA. Please see Log Off: How to sign out of Windows Server 2012, and how to “Import certificates into Trusted Root and Personal certificate store”.

The Greek Universities Network (GUnet), a non-profit civil company, funds HARICA at the moment. Greek universities form the membership of GUnet. The IT Center of Aristotle University of Thessaloniki operates this GUnet service, known as the Hellenic Academic and Research Institutions Certification Authority (HARICA). HARICA acts as a Trust Service Provider (TSP), also known as a Certification Authority, and a Qualified Trust Service Provider (QTSP).

Please see how to Install and configure Active Directory Certificate Services, how to use the DigiCert certificate utility for Windows to create a CSR, and how to upgrade Windows Admin Center 2306 – 2311: Run WACmg v2401.

Generate a Certificate Signing Request

This step is optional because HARICA can generate the certificate signing request automatically via the web form.

Please see the section below on how to generate a CSR.

Here is an article on how to Request a certificate signing request in Windows using Microsoft Management Console. Also, see the components needed to create a certificate signing request.

Request a Certificate

To request a certificate from HARICA, please visit HARICA’s CertManager and request a certificate. Your personal information must be accurate and fully matched (letter-by-letter) with a government-issued identification document.

You will be required to register your account via the URL or buy one by contacting them. Please populate the form as shown below.

Populate and signup

Upon registration, you will get an email to activate your account.

Required to activate our account

Once you log in, from the sidebar, click Server and SSL and proceed as prompted.

request a certificate

Enter a friendly name. Note that this is optional.

request new cert
SSL DV (Domain Validated): SSL/TLS Server Certificate that includes one or more FQDNs (e.g. server1.example.com)

Also, see how to configure WebLAPS to manage Microsoft LAPS, how to Shrink and Compact Virtual Hard Disks in Hyper-V, and how to fix Task failed to perform Scheduled Snapshot Replication.

Auto Generate CSR or Submit CSR Manually

At this point, you have two options. You can either have the CSR generated automatically via the form, or generate it manually on your PC via IIS, MMC, Windows Admin Center, PowerShell, etc.

I will manually submit the CSR as shown below.

Options to submit or generate CSR automatically

Please see how to deploy Azure Virtual Desktop in Azure Portal, and how to correctly uninstall Nextcloud from Mac.

Generate Certificate Signing Request (CSR)

Since I have selected the second option to generate the CSR, I will select the Domain-Only (DV) or the Enterprises or Organisation (OV). Select your type of certificate to request.

Enterprise or organisation

Note: Please keep in mind that HARICA’s SSL/TLS Certificates have a maximum validity of one (1) year. This limitation is enforced by the CA/Browser Forum and Certificate Consumers (e.g. Apple, Google, Microsoft). Choosing to purchase a certificate for 2, 3, or 4 years means you will get a new certificate for the remaining time without any additional cost. You will receive expiration notifications before each certificate expires.

Click on Next to proceed.

proceed with organisation or enterprise

On the organisation information window, click on Next to proceed.

Organisation information

Review and accept the certificate license terms as shown below.

Review application and accept terms

The steps below assume that you have completed the manual CSR generation as discussed in the links above or in the steps below.

submit certificate request

Please see Convert Google Forms Into Microsoft Forms, and how to upgrade Veeam Backup and Replication 12.3.

Certificate Signing Request

A Certificate Signing Request (CSR) is one of the first steps in obtaining an SSL/TLS certificate. You generate the CSR on the same server where you plan to install the certificate. It includes essential information about the entity or individual requesting the certificate, such as the organization’s name, website domain, locality, and public key.

The public key is part of a cryptographic key pair, consisting of a private key (kept secret) and a corresponding public key (included in the CSR). The Certificate Authority (CA) uses the CSR details, including the common name, organisation, and country, to create the certificate. Additionally, the CSR contains the public key that the CA will include in the final certificate and is signed using the corresponding private key.

Launch MMC and Load Snapin

To generate a CSR, launch MMC as shown below.

MMC console

Click on File, select Add/Remove Snap-in, then select Certificates and click on Add.

add certificate snap-in

Select Computer Account and click on Next

computer account

Click on the local computer and click on finish

local PC

Finally, click on OK.

Confirm snap-in add

Generate a CSR

This will open the certificate management console. Expand Certificates and you will have access to all folders in the local computer as shown below.

Next, right-click on Personal, select All Tasks, then Advanced Operations, and click Create Custom Request.

certificate enrollment

You could select “Proceed without enrollment policy” and click Next to proceed. This allows you to generate a CSR manually without using an Active Directory-based certificate authority (CA).

Note: You must provide details such as the key length, hash algorithm, and subject name manually.
After generating the CSR, you must submit it to a public or private CA for signing.

Proceed without enrollment policy
Do not use the Active Directory Enrollment Policy in this case. With the Active Directory Enrollment Policy, the certificate request is processed within the organization's PKI infrastructure. This option uses an Active Directory-integrated CA to generate and issue the certificate. It automates the CSR process by applying predefined certificate templates and policies set by the organization's Active Directory Certificate Services (AD CS).

On the Custom request, leave everything as default.

custom request

On the Certificate Information page, expand the details tab as shown below and click on properties.

certificate information

Enter your desired friendly name and description and click on apply

Populate fields

On the Subject menu, enter the relevant details and click on Apply.

certificate information filled

On the Private Key Menu, expand the key option in order to select your desired key size etc.

private key information

Finally, enter your desired path to store the certificate request (CSR) file.

save req

The system usually creates the CSR in a Base-64-based PEM format. You can open the CSR file with a simple text editor, and it will resemble the sample below.

open csr with notepad
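
The same manual request can also be produced from PowerShell, one of the manual options mentioned earlier, using the built-in certreq.exe and certutil.exe tools. This is an added example, not part of the original article; the FQDNs, organisation values and file paths are constructed placeholders, and it must run in an elevated session because the key is created in the Local Computer store.

```powershell
# Added example: values below (FQDNs, organisation, paths) are constructed placeholders.
$ErrorActionPreference = 'Stop'
$fqdns   = @('server1.example.com', 'www.example.com')
$workDir = Join-Path $env:TEMP 'csr-demo'
$infPath = Join-Path $workDir 'request.inf'
$csrPath = Join-Path $workDir 'request.csr'
New-Item -ItemType Directory -Path $workDir -Force | Out-Null
Remove-Item -Path $csrPath -ErrorAction SilentlyContinue

# One "_continue_" line per DNS name in the Subject Alternative Name extension
$sanLines = ($fqdns | ForEach-Object { "_continue_ = `"dns=$_&`"" }) -join "`r`n"

# Same choices the wizard asks for: subject, key size, hash algorithm, key storage
$inf = @"
[Version]
Signature = "`$Windows NT`$"

[NewRequest]
Subject = "CN=$($fqdns[0]), O=Example Org, L=Example City, C=GR"
FriendlyName = "server1 TLS (constructed)"
ProviderName = "Microsoft Software Key Storage Provider"
KeyAlgorithm = RSA
KeyLength = 2048
HashAlgorithm = SHA256
KeyUsage = 0xA0
MachineKeySet = TRUE
; FALSE keeps the private key non-exportable; use TRUE only if a PFX export is needed later
Exportable = FALSE
RequestType = PKCS10

[EnhancedKeyUsageExtension]
OID = 1.3.6.1.5.5.7.3.1

[Extensions]
2.5.29.17 = "{text}"
$sanLines
"@
Set-Content -Path $infPath -Value $inf -Encoding ASCII

# Creates the key pair in the Local Computer store and writes the PKCS#10 request
certreq.exe -new $infPath $csrPath
if ($LASTEXITCODE -ne 0) { throw "certreq failed with exit code $LASTEXITCODE" }

# Before submitting: confirm the PEM header, then review subject, SAN names,
# key length and signature status in the decoded request
$pem = Get-Content -Path $csrPath -Raw
if ($pem -notmatch 'BEGIN NEW CERTIFICATE REQUEST') { throw 'Output is not a PEM CSR' }
certutil.exe -dump $csrPath
```

Only the .csr file is submitted to the CA; the private key stays in the machine key store on the server where the issued certificate will be installed.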

Now, you can submit the CSR manually as shown below.

submit request

Shortly, you should get an email if approved or revoked. See the following interesting guides on how to import a certificate into the Trusted Root and Personal file certificate store, and how to export a certificate in PFX format in Windows.

I hope you found this article on how to generate a CSR and request a certificate from HARICA useful. Please feel free to leave a comment below.

The post Generate CSR and Request a Certificate from HARICA appeared first on TechDirectArchive.

