We provide a digitally signed certificate to IITK community on per request basis.
The certificate can be used by various IITK servers to enable secure version of insecure protocol such as https, ldaps, smtps etc.
For this the user has to generate a certificate request by following command and send it to CC. CC can also help in the process.
A department can become a secondary CA, by taking appropriate approvals.
CC will send back a signed certificate after verification.
User should remember not to send the private key to us.
In redhat: /etc/pki/tls/misc/CA -newreq
In debian: /usr/lib/ssl/misc/CA.pl -newreq
In above, it will ask details about the server which needs the certificate.
CN of the certificate must be the full hostname (FQDN) of the server.