Certificate, SSL

Webhosting and certificates for new websites since 2016

Since 2016, webhosting services include domain registration and certificates. On the webserver page the navigation path to the Request Webhosting form is presented.

Certificates, a very short introduction

SSL certifcates are used to identify services, mostly websites, to visitors. What browsers check is what visitors type to reach your website, for example:

https://your.domain.root

Browsers compare the bold part with the Common Name (CN) of the certificate. So to make your new certificate "work", that is, accepted by browsers, you need to specify the Common Name as your.domain.root.

Browsers do not care about network resolving details to reach your website. It may be hosted on systems with other domain names such as:

  • a.virtually.hosting.webserver.nl
  • a.virtual.machine.nl

and therefore require some additional network (DNS) configuration to be still available as your.domain.root but that is ignored by browsers when they check the Common Name.

Requesting or extending SSL-certificates for existing websites

You may request certificates for domains hosted on a dedicated webserver or a virtual machine. The department webserver does not yet support certificates for other domains than www.win.tue.nl .

To request a certificate:

  1. Decide upon the domain name that you require visitors to type, (or provide a link to) because that is what the certificate will be created for. Another domain name will require another certificate. You cannot repair that with DNS-aliases or webserver redirects.

  2. Send a request to wshelp@win.tue.nl in one of two forms:

    • Just the domain name in plain text, in which case we will create a private key and a CSR

    • A CSR with at least these fields:

      for field: fill in:
      CN   CommonName   your.domain.root
      O Organization Technische Universiteit Eindhoven
      L Locality Eindhoven
      C Country NL

    Sending a CSR is safer because no private key needs to be conveyed. And it is easier for tomcat administrators who keep certificates in JKS format, for which it is hard to import a private key.

DNS aliases

  • can be applied to host your.domain.root on hosts with another name, because DNS aliases such as:

    • your.domain.root → your.virtually.hosting.server.nl
    • your.domain.root → your.virtual.machine.nl


    do not affect acceptance of the certificate for your.domain.root by browsers.

  • can not be aplied to have another.domain.root also be accepted with a certificate for your.domain.root
    A DNS alias:
    another.domain.root → your.domain.root
    does not work for that purpose.

Contact us | Webmaster

Questions? Mail to helpdesk.win@tue.nl