1. generate the private key and the csr e.g. via openssl:

openssl req -newkey rsa:4096 -sha256 -keyout <fqdn>-key.pem -out <fqdn>-request.pem -subj "/CN=<fqdn>"

• The file <fqdn>-key.pem contains the private key to be protected.
• The file <fqdn>-request.pem contains the CSR with the public key and is uploaded in the certmanager.
  (Entries for the DN or subject alternate names are not taken from the CSR.)
  

2. login to the HARICA certmanager

Open the certmanager https://cm.harica.gr.
Only log in via "Academic Login" (SSO) with your RPTU account.

3. Select the entry "Server " in the navigation under Certificate Request.

Fill out the following web forms accordingly.
Enter the friendly name (optional).
Manually enter the FQDN of the server via Add Domains.
(deselect Include www if necessary)

Further Subject Alternate Names can be entered via "add more domains".

The domain names can also be uploaded via CSV file. The CSV file must correspond exactly to the suggested sample.csv

4. select the type of your certificate

Select the type"For enterprises or organizations (OV)"

The following appears:
Your Order:
SSL OV
Total price: free

5. review the application before submitting

Check details
Confirm Terms of Use and CP of HARICA

6. submit request

Submit CSR manually (upload own CSR <fqdn>-request.pem) or copy&paste the content of <fqdn>-request.pem.
Confirm Terms of Use and CP of HARICA and submit

The request is then displayed on the dashboard under Pending Certificates.
The certificate is approved by the participant service in the RHRZ.

The certificate can then be downloaded via your dashboard in the list of "Valid Certificates".
The "PEM bundle" file can be used directly for web servers (Apache, nginx).