Create a 2048-bit private key using the appropriate utility on your computer. Examples of private key creation can be found at Globalsign's website or see theOpen SSL example below.
Note: This step is not necessary if renewing a GlobalSign certificate unless your web server insists on creating a new key:
If you have an existing private key from previous certificate creation, you can reuse that, as the key is not tied to a particular Certificate Signing Request (CSR). Please keep in mind that your private key must be kept secure, and it must not be accessible to visitors in your web space. You must back it up in a secure location.
If the private key is lost, you will have to create a new key and regenerate your certificates.
Enter all information in the form, and enter your CSR in the box. In particular, note the following about the form fields:
Products: OrganisationSSL or IntranetSSL. If the certificate is for public (generally, meaning available to off-campus people) or for large groups of unmanaged clients (generally, meaning an audience including undergraduate students) then use the OrganisationSSL option. If it is an internal-only service, or if the primary users are faculty and/or staff, then use the IntranetSSL option.
Get the Green Bar: This is for Extended Validation certificates. Always choose no.
New or Trade-in Certificate: if you have an existing GlobalSign certificate for your server, select Renewal. For all other cases, select New.
Include Subject Alternative Names (SAN): a SAN is a way of having multiple hostnames associated with the same certificate. If you do not know whether you require SAN support, you probably don't and should not check this box.
After selecting this box, additional options will appear. Select those appropriate to your application and enter any requested addresses and names.
Activate Standard Unified Communications (UC) Support
Secure Additional Subdomains
Secure Internal IP Addresses
Secure Additional Domain Names
Contact Information: The information provided here must include University of Waterloo phone numbers and email addresses. Requests using off-campus contact information will be denied.
Enter details for the technical contact for the certificate in the contact information fields.
Use the name of the server's administrator. We recommend that departments use a dedicated email address of the form email@example.com rather than an individual staff member's email address.
The phone number should be in the form +1-519-888-4567 ext. 33333.
Submit the form by clicking on the Continue button at the bottom of the page.
Verify the information on the confirmation page that is displayed.
Select "I Agree", "Back", or "I Do Not Agree"
If you selected "I Agree", a page will be displayed that gives you an order number. The request will be forwarded to IST Security Certificate Authority staff for approval. This approval usually takes one business day. However, it may take longer if we have to verify your request.