Helpdesk

Page tree

University of Tartu IT wiki

Versions Compared

Old Version 8

changes.mady.by.user Joonas Masing

Saved on

compared with

New Version 9

changes.mady.by.user Joonas Masing

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

In this guide, you can find instructions on how to request a domain name subscription for the web page that belongs to the University of Tartu.

HTML Wrap
classbutton button1

(info) Eesti keeles


A domain name is a unique name used to identify services on the Internet, consisting of letters, numbers, and hyphens separated by periods. Dots define the hierarchical structure of the domain name, which is read from right to left.

  • Any part separated by periods must not begin with a hyphen or a number.
  • A domain name can also contain umlaut letters (ä, ö, ü, õ)
  • A domain name can refer to a specific device connected to a computer network or subservices located on the device.
  • Multiple domain names can refer to the same device or service.

Guides

Expandtitle
Warning

You can find more detailed information about ordering web certificates in the guide Ordering web certificates for domain names.

Ordering

How to order

domain names

Please contact IT-department to request the domain name subscription for the web pages that belong to Tartu University.

  1. One exception is sisu.ut.ee. Please follow the guide https://sisu.ut.ee/juhendid/settings-publishing-website sub-paragraph "Custom UT-domain" when requesting the domain name for the sisu.ut.ee server.
  2. Domain names with the ending of ut.ee are registered only when absolutely necessary.
  3. The IT-department will decide if the registration of the requested domain name is justified.
  4. The requested domain name will have to comply with the established requirements: https://www.internet.ee/domains/ee-domain-regulation sub-paragraph 3.2.
  5. The domain name must be free for registration. This can be checked on the page https://www.zone.ee/en .
  6. Domain names with the ending of ut.ee are registered free of charge. For other domains some fee might apply. The price can be checked on the https://www.zone.ee/en/ web-page under "Enter the desired domain name".
  7. One has to also supply the desired period of validity in years when requesting the paid domain name. IT-department will forward the invoice to registrant and the requested domain name will be activated after the registrar receives the payment.
  8. IT-department will carry out complementary activities like configuring the name server.
  9. IT-department will send out remainder to registrant about one month before the expiration of the registration period. The registration can be extended up to three months before the deadline. The expired domain name might end up on auction and is free for registration only after failed auction process. 
Expand
titleOrdering web certificates for domain names

The University of Tartu uses two certification service providers to order certificates for websites, LetsEncrypt and Sectigo.

  • In the paid web hosting server webhost.ut.ee it is possible to choose both solutions, LetsEncrypt is set by default.
  • sisu.ut.ee uses only LetsEncrypt.
  • In all other cases, depending on your skill, you can set up either LetsEncrypt or order a certificate through IT helpdesk for Sectigo CA.
  • Webhost.ut.ee and sisu.ut.ee LetsEncrypt service is set up by ITO employees. Sectigo CA certificates are mostly ordered by ITO and HPC employees, but if there is a justified need, we create a Sectigo certificate ordering account for non-ITO UT employees as well.

LetsEncrypt

LetsEncrypt - a free service that requires the installation of a certificate renewal utility on the web server. This is necessary because LetsEncrypt only issues certificates with a validity period of a few months. The website must be open to the entire Internet to order and renew the certificate.

Detailed instructions can be found on the service provider's web portal.

Sectigo

NB! This section is only for those who have a valid Sectigo certificate ordering account.

The procurer of the service contract is GÉANT, it is managed to the University of Tartu by EENet operating under HTM. The Sectigo CA service is free for UT. Based on the current terms of service, Sectigo certificates may be ordered only for domain names registered in the name of the University of Tartu. The certificate is valid for a maximum of one year, it can be ordered both through the service provider's web portal and via the ACME protocol with certbot scripts.

Expand
titleOrdering a certificate from the Sectigo CA portal
  1. Log in to the Sectigo web portal and make sure that it is possible to order a certificate for the necessary second-level domain name in the portal:
    1. Three dashes in the upper left corner → Menu → Domains - displays a list of available 2LD domain names.
    2. If the required 2LD domain name is not in this directory, contact the IT helpdesk with a request to add it.
  2. To order a certificate, a key file and a certificate order file must be created.

  3. The Linux command line command is suitable for creating the key file:

    Code Block
    openssl genrsa -out <id>.key 2048

    <id> must be replaced with an identifying name, for example a domain name and the year of ordering, such as "www.ut.ee_2021". The command results in the file <id>.key.

  4. The following command is suitable for creating a certificate ordering file:

    Code Block
    openssl req -new -sha256 -key <id>.key -out <id>.csr -subj '/CN=<domeeninimi>'

    <id> is the same as when creating the key. The command results in the file <id>.csr

  5. Make sure the domain name is validated:
    1. Choose from the menu (three dashes in the upper left corner) → Domains → Make sure that the status of the required domain name is "VALIDATED".
  6. If the domain name is not validated, send a request to the IT helpdesk to validate the domain name.

  7. Choose from the menu (three dashes in the upper left corner):

    1. Certificates → SSL Certificates → "+" (upper right corner) → Using a Certificate Signing Request (CSR)Next.

  8. From the drop-down menu:

    1. Organization -> Tartu Ülikool

    2. Department -> The corresponding subdivision of the University of Tartu for which the certificate is ordered

    3. Certificate Profile -> "GÉANT OV SSL" or "GÉANT OV Multi-Domain", if the certificate covers more than one domain name

  9. Click Next.

  10. An area will appear where you can drag the previously created <id>.csr file with the mouse or copy the contents of this file as text.

  11. Click Next.

  12. For Multi-Domain, additional domain names can now be added to the "Subject Alternative Names" field.

  13. Click NextOK.

After some time, Sectigo CA will send an email with instructions on how to download the newly created certificate. If the e-mail has not arrived within an hour, then there is already a reason to contact IT helpdesk.

Expand
titleOrdering a certificate via ACME with the certbot utility
  • To use Certbot, the Sectigo key files directory must be pre-configured in the letsencrypt directory.
    If it is not there, ask for it through the IT helpdesk.
  • Certbot can be used to order certificates only for domain names validated in the Sectigo portal and allowed for script ordering.
    If you are unable to order the certificate, please report it to the IT helpdesk.

  • Command line example for ordering a certificate:

    Code Block
    certbot certonly --standalone -d myweb.ut.ee

    As a result of this command, myweb.ut.ee certificate files are created in the letsencrypt directory tree. With the certbot command, you can instantly create certificates in the correct location and reload them on the web server. Sectigo ACME does not require the website to be active and available.

    • It is worth noting that when ordering a certificate using certbot, Sectogo assumes that the order is performed by a script that runs periodically, so no relevant notifications are sent to the subscriber when the certificate's expiration date approaches.


    IT helpdesk telephone number 737 5500

    (short number: 5500)