Entitlement Authorization for Certificate Requests
Entitlements may be used to authorize a person to request certificates in a domain that you, as a Network Liaison, manage. The benefit of using entitlements for this authorization is that you can authorize a person to request certificates for a specific name or domain indefinitely, rather than having to approve each certificate request made for a person. If you do choose to use entitlements for this authorization, you should periodically review them.
For example, as a network liaison of foo.vt.edu, you may create entitlements to authorize specific names in the foo.vt.edu domain:
- foo.vt.edu
- bar.foo.vt.edu
- baz.bar.foo.vt.edu
Or, you may create wildcard entitlements to authorize any name in the foo.vt.edu domain or subdomain:
- *.foo.vt.edu
- *.bar.foo.vt.edu
- *.baz.bar.foo.vt.edu
Follow these steps to create an entitlement:
- Go to https://certs.it.vt.edu
- Click Entitlements in the navigation menu. (if you do not see this option, you are not a network liaison for any domains)
- Click on a domain to manage entitlements for.
- Enter the pid(s) of the person(s) you are granting an entitlement to.
- Enter a name to create an entitlement for.
- If you are creating an entitlement for bar.foo.vt.edu, enter bar in this field.
- If you are creating an entitlement for only the domain, leave this field blank.
- Click the Wildcard Prefix? checkbox if the entitlement is for any name in the domain or subdomain.
- Finish creating the entitlement by clicking Create Entitlement.
If at any time you wish to delete an entitlement for a person in a domain you manage, follow these steps to delete an entitlement:
- Go to https://certs.it.vt.edu
- Click Entitlements in the navigation menu. (if you do not see this option, you likely are not a network liaison for any domains)
- Click on a domain to manage entitlements for.
- In the Entitlement data section, click the Delete button next to the entitlement you want to delete. If you do not see this section, no entitlements exist for the domain.
Note that:
- At this time, non-vt domains are not supported.
- If you stumbled on this page as a person wanting an entitlement, reach out to the network liaison of the domain you are requesting a certificate for and direct them to these instructions.