menu

Overview

JAIST is subscribed to the UPKI service of the National Institute of Informatics (NII). Accordingly, JAIST provides services such as server certificate issuing from the Information Society Infrastructure Research Center.

University personnel who wish to use server certificates can issue / renew / revoke server certificates by following the steps described below. Inherently, you are responsible for the proper management of the issued server certificates.

Usage of the server certificates

The server certificate issued by this service readily provides authentication from the (jaist.ac.jp) domain. Besides the existing authentication being (JAIST), it provides the so-called OV (Organization Validation) certificate.

By using this certificate, it is proves that the server is operated by JAIST which is a real organization, and the server is legitimately using the domain (jaist.ac.jp).

Steps issuing / update / revoking of server certificates

The following summarizes the steps of issuing / updating / revoking certificates.

 

Steps of issuing

1. Create a CSR.

2. Create a TSV file using the TSV tool.

3. Send the TSV file to the Information Society Infrastructure Research Center.

4. The Information Infrastructure Research Center will forward the new application to NII.

5. Later an e-mail will be received with information about downloading the server certificate .

6. The applicant then downloads the server certificate, installs it on the server, and starts using it.

 

Steps of renewal

1. Create a CSR.

2. Create a TSV file using the TSV tool. (Serial number of old server certificate is necessary)

3. Send the TSV file to the Information Society Infrastructure Research Center.

4. The Information Infrastructure Research Center will forward the renewal application to NII.

5. Download information of the renewed server certificate will be delivered via e-mail to the applicant.

6. The applicant downloads the server certificate, installs it on the server, and starts using it.

7. Apply for revoking of the old server certificate according to the steps below.

 

 

Steps of Revoking

1. Create a TSV file using the TSV tool. (Serial number of old server certificate is necessary)

2. Send the TSV file to the Information Society Infrastructure Research Center.

3. The Information Society Infrastructure Research Center applies for revoking to NII.

 

Please refer to the following manual for more  details.

Manuals

Please refer to the following manuals when needed.

UPKI digital certificate issuance service manual.
https://meatwiki.nii.ac.jp/confluence/pages/viewpage.action?pageId=26182293

System operation support manual (for administrators).
https://meatwiki.nii.ac.jp/confluence/pages/viewpage.action?pageId=26183140

Server certificate installation manual (a description of how to make CSR).
https://meatwiki.nii.ac.jp/confluence/pages/viewpage.action?pageId=26183052

Please use the following TSV tool to make the TSV file.

TSV tool (TSV file generation support tool)
certs.nii.ac.jp/tsv-tool/

Points to note when generating CSR

1. While making a CSR, when filling in the fields, take care that the value of "Organization Name" is different from the example mentioned in the manual. Please enter exactly what is enclosed between the quotation marks.

"Japan Advanced Institute of Science and Technology"

Even the CSR and TSV files can be generated without errors, but if any character (including blanks) is different NII will not accept the application,

 

2. Although the fields ​​entered when making CSR are described in the manual, it is shown below for confirmation.

Quotation marks are excluded for all fields.

# This is an example with OpenSSL.

 

- Country Name (C)
"JP"     ..... C filed is JP.

- State or Province Name (ST)
"Ishikawa"     ..... ST field is Ishikawa

- Locality Name (L)
"Nomi"     .....  L attribute is Nomi. In the old service it was "Academe". Please be careful.

- Organization Name (O)
"Japan Advanced Institute of Science and Technology"  ..... O field is the alphabetic name of JAIST. Even a single character difference would be a mistake.

- Common Name (CN)
"hostname.jaist.ac.jp"     ..... CN field is the FQDN

- Email Address
Please do not fill it.

 

Example:

CN=hostname.jaist.ac.jp,OU=Research Center for Advanced Computing Infrastructure,O=Japan Advanced Institute of Science and Technology,ST=Nomi,L=Ishikawa,C=JP

Other issues

Based on the TSV file sent from the applicant, the Information Society Infrastructure Research Center applies for server certificate issuing / update / revoking to NII.

If the contents of the TSV file are not correct, the application will fail. In that case we will inform the applicant to re-make the CSR and TSV files with the correct contents.

In case of mistakes, it may be pointed out. Otherwise, it is requested that the applicant refer to the manual and correct it.

 

The Information Society Infrastructure Research Center doesn't provide:

- CSR and TSV file generation proxy

- Answers to questions about matters listed in the manual

- Installation of issued server certificate

Please resolve with the applicant or server administrator.

 

In addition, we may refuse application if inappropriate transmission of the TSV file is continued for several times and it is judged that it is due to lack of manual reading.

Please be informed in advance.

 

Thank you for your understanding and cooperation for appropriate service operation.