The private key and the certificate signing request (CSR) are generated by the server administrator. The administrator then uploads the certificate signing request (*.csr file) to the server. IT Services checks the request. Once the request has been approved, the certificate is issued and the administrator receives an email with download links for different certificate formats.

Quick guide
 

1. Generate private key (RSA-4096 or ECC-384) and CSR

• with OpenSSL
• with IIS Manager

2. Logging into HARICA CertManager
    2.1. Go to the website https://cm.harica.gr/.
    2.3. Select Academic Login when logging in.
    2.4. Enter BTU in the search field and select BTU Cottbus - Senftenberg.
    2.5. Log in with your BTU login details and confirm the transfer of information.

3. Accessing the certificate dashboard
After logging in, you will be taken to the HARICA dashboard.
    3.1. In the left-hand menu, click on Server under Certificate Requests to request a new server certificate.

4. Creating a new certificate
    4.1. Enter a descriptive name for the certificate, e.g. Web server, Exchange, etc.
    4.2. Enter your FQDN (e.g. serv1.inf.b-tu.de).
       4.2.1. The FQDNs in the CSR are currently still ignored by Harica.
       4.2.2. If you want to cover multiple FQDNs with one certificate, click on Add more domains and add them.
    4.3. Uncheck Include www.domain.de without additional cost. if you do not need the www. subdomain.
    4.4. Click on Next.

5. Product selection
    5.1. Select For enterprises or organisations (OV) as the certificate type.
    5.2. Click Next.

7. Upload CSR (Certificate Signing Request)
    7.1. The certification authority recommends uploading the CSR created in step 1 manually, as otherwise it cannot be guaranteed who will receive the secret key and password.
    7.2. If you have already created a CSR, paste it into the field provided.
    7.3. Agree to the privacy policy.
    7.4. Click on Submit request to request the server certificate.