Requesting or renewing a Virginia Tech Middleware Client Certificate


How do I request or renew a Virginia Tech Middleware client certificate?


Procedure to enroll for a Virginia Tech Middleware certificate:

  1. Complete the request form for a Middleware Client Certificate at Service Catalog for Middleware Client Certificate
  2. Login to the Certificate Manager and submit an online request.  
    • Select VT Middleware Client in the list of available certificates.
    • Specify the Common Name (MUST BE the same name as the ED-ID Service name).
    • Specify the Organization Unit (Should be your department name).
    • Specify an Email address to be used for notifications when the certificate is issued or nearing expiration.
  3. Generate a CSR (Certificate Signing Request)
    • The method used for generating a CSR (OpenSSL is the most common) varies depending on the application which will be using the certificate. Please follow the directions provided with your application software to generate a CSR. When requested for keysize during CSR generation, please specify a key size of at least 2048 bits when generating your key pair.
    • The VTCA (Virginia Tech Certification Authority) will generate DN attributes for you, so default values are acceptable.
    • If you are using OpenSSL, here is an example command: openssl req -newkey rsa:2048 -keyout key.pem -out req.pem -nodes
  4. Upload a PEM- or DER-formatted certification request file (CSR) with the "Browse..." button or paste a PEM-formatted request into a text area.

    A PEM-formatted request is a BASE64 encoded certificate request starting with:
    and ending with

  5. After enrolling, an email will be sent to the email address provided in the request with instructions on how to download your certificate within one or two business days. If you encounter problems please contact IMCS for assistance at
  6. The InCommon chain must be trusted by your application. Download the chain here.