When you request a cert, the Service Now ticket goes to the certificate admins. Once the admins have entered the information into the InCommon certificate portal and approved the certificate, you'll get an email with the certificate in 10-15 minutes. If you request auto-renew=on (the default and our preference), 30 days before your certificate expires, you'll get an email with the renewed cert.
We have notifications set to go out at 60, 30, and 14 days before expiration. If certs are auto-renewing (which again is most likely the case), you can ignore these. There is nothing for you to do except make sure you get the email with the renewed cert. We can disable notifications for a particular cert, but it's a manual process to modify. And you would no longer get any notifications, including if the auto-renew failed.
Other Notes:
- The auto-renew uses all of the previous settings to generate the new cert. The change that most certificate publishers did a year or so ago to only allow 1 year certificates broke auto-renew for most certificates as they were 2 year certs. Which is why we've had to recreate certs lately. Going forward, auto-renewal should work as expected.
-
- The contact address listed in the certificate request form is who will get the notifications and certificate emails. We've had a fair amount of issues in the past with certs being requested by someone who then left the University or their current department. Certs would expire because the new system owners never got the notices. This is why we started asking for a "Departmental Email Address" on the form.
NOTE: The intermediate certificates and the root certificate are attached for your convenience.