Instituto Superior Técnico

Serviços de Informática

How to obtain a digital certificate issued by the certificate issuing service of TERENA?

For server administrators who want to offer secure connections to their services through SSL/TLS, and for that reason, wish to request an X.509 digital certificate issued by the TERENA certifying entity, follow the procedure described below.

This service is only available for server certificates under the domains tecnico.ulisboa.pt and ist.utl.pt.

  1. Generate the CSR (Certificate Signing Request) in PEM format, filling in the fields referring to the name of the organization and the name of the organizational unit according to the following format:
    • Required fields:
      • Country – C=”PT”
      • Organization – O=”Universidade de Lisboa”
      • Common Name – CN=”[server name.domain].tecnico.ulisboa.pt”
        1. The public key must have a 2048 bits size.
    • Optional fields (Optional fields must be empty or complete, as described above. Personal e-mails or other values ​​for the “Location” field are not allowed. Multiple CN attributes can be indicated with other domain names ending in ist.utl .pt or tecnico.ulisboa.pt):
      • Locality – L=”Lisboa”
      • State/Province – ST=”Lisboa”
      • Email – E=”[official support address]@[domain.]tecnico.ulisboa.pt”
      • Common Name – CN=”[server name.domain].ist.utl.pt”
      • Common Name – CN=”[server name.domain].tecnico.ulisboa.pt”
    • Valid entries (example 1):
      • O=”Universidade de Lisboa”
      • OU=”Instituto Superior Tecnico / Departamento de Engenharia Civil”
    • Valid entries (example 2):
      • O=”Universidade de Lisboa”
      • OU=”Instituto Superior Tecnico”
    • Invalid entries (example 1):
      • O=”Instituto Superior Tecnico”
      • OU=”Departamento de Engenharia Civil”
    • Invalid entries (example 2):
    • O=”Universidade de Lisboa”
    • OU=”Departamento de Engenharia Civil”
  2. Send an email to DSI (si@tecnico.ulisboa.pt) with the CSR file attached and the list of additional domain names that the certificate must contain.
  3. After validation by one of the DSI administrators (institutional proxies), this request is forwarded to TERENA. After issuing the certificate, DSI will respond to the request with the attached file containing the certificate for the server and the certificates hierarchical chain of issuing entities responsible for issuing the certificate. The process is usually quick, with certificates being issued within one or two business days.

You can consult more information about GEANT’s Trusted Certificate Service and the various types of certificates issued at the following address: