Versions Compared

Old Version 2

changes.mady.by.user Dean Woodbeck (internet2.edu)

Saved on

compared with

New Version Current

changes.mady.by.user Paul Caskey (internet2.edu)

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.


Tip
titleInCommon Certificate Service SSO and MFA Available

The use of single sign-on and multifactor authentication for accessing the Comodo Certificate Manager is available to any subscriber that also operates an Identity Provider in the InCommon Federation. See this wiki page for details.

The InCommon Certificate Service issues unlimited Extended Validation (EV) SSL/TLS certificates at no additional cost to subscribers. Because EV certificates require additional levels of validation for the requesting organization, our partner Comodo must handle all of the paperwork as well as the validation process for EV certificates.

...

  1. Confirm Domain Approval - Confirm that the domain for which you are requesting the EV certificate has already been approved by InCommon.
  2. Request an EV Cert via the Certificate Manager (CM)
  3. First, request an EV certificate using the Certificate Manager (CM). This generates an order number in Comodo's system, which you will need for the next step.
  4. Submit the Required Documentation - Comodo requires three documents before issuing an EV SSL certificate. These documents should be sent directly to Comodo (not to InCommon). Include your order number on each document for reference.
    1. EV SSL Certificate Subscriber Agreement (submitted only once)
    2. A Legal Opinion Letter (see this Sample Legal Opinion Letter)
    3. An EV SSL Certificate Request Form (see below)

Be sure to list all domains for which you intend to request EV certificates in both the Legal Opinion and the EV Certificate Request Form. Listing the parent domain will cover all sub-domains. For example, listing foo.edu is sufficient to cover web1.foo.edu, web2.foo.edu, etc.

Send via fax or email to Comodo:

Fax: 1-866-446-7704

Email: evdocs@comodo.com

Documentation Details

Please note your order number on all three forms to speed the process with Comodo.

  1. Comodo CA requires the completion of two documents for EV Validation. The Subscriber agreement is accepted when the initial EV certificate is requested. The Certificate Request form is emailed to the requestor with instruction on how to click thru to complete the process.
    1. EV SSL Certificate Subscriber Agreement - The EV SSL Certificate Subscriber Agreement 
    The EV SSL Certificate Subscriber Agreement
    1. is separate from the InCommon Certificate Service Addendum. There is no additional charge for EV certificates, but this agreement with Comodo is required. This is required once per organization.
    When submitting, please place your order number on the document, on a cover sheet, or in the accompanying email message.The Legal Opinion Letter will verify:
  2. Applicant’s Legal Status
  3. Flagged Entity Check – Manually done by Comodo
  4. DBA/Trade Name
  5. Physical Existence
  6. Operational Existence
  7. Phone Number
    8. Domain Ownership – (Please list ALL domains you own for which you wish
    2. EV SSL Certificate Request Form

Be sure to list all domains for which you intend to request EV certificates

...

in

...

both the Legal Opinion and the EV Certificate Request Form. Listing the parent domain will cover all sub-domains. For example, listing foo.edu is sufficient to cover web1.foo.edu, web2.foo.edu, etc.

...

Comodo will verify the organization in one of two ways.

...

Requesting an EV Anchor

Image Added

Image Added

An anchor certificate will pre-validate domains for future EV certificate requests. All domains that require an EV certificate should be included in this request.  If a domain is not listed in this request, you can still request an EV certificate; however, there the order will need to be processed manually by a validatior.

There is no prerequisite to create an EV anchor certificate yet we suggest every organization follow the following steps. Please note there is only one EV anchor certificate that can be applied to each organization (school).  This procedure does not change current certificate ordering process - it is simply to help make EV processing more efficient.  The EV Anchor is NOT an actual certificate that can be used.


The most recent instructions for obtaining an EV Anchor Certificate can be found in the attached document: EV anchor and SCM v3.pdf

Please include the order number on the document, on a cover sheet, or in the accompanying email message. If, later, you need to add a domain not included in your original Legal Opinion Letter, you can re-use the letter (provided it is for the same organization), but please include the new order number.

EV Certificate Request Form

If you have multiple domain names, list them all on this form. There are two different forms; choose the form that fits your situation:

You can use one Certificate Request Form for multiple orders submitted at the same time. Otherwise, each order requires its own Certificate Request Form.

...