Overview
To utilize batching functionality in Terra Dotta, the PDSO and/or RO must register the campus site and ensure the campus has a valid batch certificate. This article walks you through how to purchase, convert, and upload the batch certificate to SEVIS.
In this article:
1. Purchasing the Batch Certificate
2. How to Create Your CSR Using the Microsoft Management Console (MMC)
3. Uploading the Modified Batch Certificate to SEVIS
Requirements:
- The process should be completed on one computer.
- The process should be completed using a PC (not Mac compatible).
- The recommended browser is Google Chrome.
- Terra Dotta only supports the purchase and use of Sectigo certificates.
- A credit or debit card will be needed to purchase the certificate. A 2-year certificate is $24.00.
Deliverables Provided to Terra Dotta:
- The batch certificate password. Please note: This is not the Sectigo password. The institution should also keep the certificate password for future use.
- A .PFX file
Deliverables Provided to the Institution:
- A .PEM file to be uploaded to SEVIS.
Purchasing the Batch Certificate
1. Open the Chrome browser on your computer.
2. Navigate to the Sectigo website.
3. Click on the Add to Cart button.
4. Select the 2 yr. certificate and click Add to Cart.
5. Click Check Out.
6. Enter your email address to either create a new account or log in to your existing account.
7. If you are creating a new account, please enter your personal and billing information.
8. Enter your payment information and click Complete Order.
At this point, you will be taken to a confirmation screen and you will receive 3 emails - an order confirmation email, a payment confirmation email, and an email with SMIME activation steps.
How to Create Your CSR Using the Microsoft Management Console (MMC)
Generation
- On the Windows Start screen, type Run to locate the Run application.
- Type certmgr.msc in the text field and click OK.
- In the MMC console, in the console tree, expand Certificates > Personal, right-click on the Certificates folder, and then click All Tasks > Advanced Options > Create Custom Request.
- In the Certificate Enrollment Wizard, on the "Before You Begin" page, click Next.
- On the "Select Certificate Enrollment Policy" page, select Custom Request > Proceed without enrollment policy and click Next.
- On the Custom Request page, please do the following and click Next:
  - In the drop-down list, select (No Template) CNG Key.
  - Select PKCS #10.
- On the Certificate Information page, expand Details (click the drop-down arrow) and then click Properties.
- In the Certificate Properties window, on the General tab, type a friendly name for the certificate and click OK. Please note: the friendly name is not part of the certificate; instead, it is used to identify the certificate.
- On the Subject tab, under Subject Name, select a Type, enter the appropriate Value, and click Add. Please refer to the following for the information needed for this section:
  - Common Name: PDSO's full name (e.g. CN = John Smith)
  - Email: email address (e.g. E = johnsmith@yahoo.com)
- Click Apply.
- On the Private Key tab, expand Key Options, set the Key Size to 2048, and check Make private key exportable.
- Finally, click Apply and click OK.
- In the Certificate Information wizard, on the Certificate Information page, click Next.
- On the Where do you want to save the offline request page, do the following:
  - For the File Format, select Base 64.
  - In the File Name box, type a name for your CSR file (e.g. ecc_ssl_csr).
  - Click Browse to select the location where you want to save the CSR (.req) file and then click Save.
  - Make sure to note the file name and the location where you saved your CSR file.
- Click Finish.
- Use a text editor (e.g. Notepad) to open the file.
- Then, copy the text, including the -----BEGIN NEW CERTIFICATE REQUEST----- and -----END NEW CERTIFICATE REQUEST----- tags, and enter it into the order form and click Submit Certificate Request.
This completes the CSR generation (Setup). The following steps are for validation and download/installation.
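The same request can be produced from a script with the built-in certreq.exe tool. This is an added example, not part of Terra Dotta's or Sectigo's instructions; the C:\Certificate folder for the CSR, the file names and the friendly name are assumptions, and the subject uses the article's sample values.

```powershell
# Added example: scripted equivalent of the MMC "Create Custom Request" steps.
# Folder, file names and friendly name are assumptions; the subject values are
# the article's sample values and must be replaced with the PDSO's own.
$dir = 'C:\Certificate'
$inf = Join-Path $dir 'ecc_ssl_csr.inf'
$req = Join-Path $dir 'ecc_ssl_csr.req'
New-Item -ItemType Directory -Path $dir -Force | Out-Null
if (Test-Path $req) { throw "$req already exists; move it aside first." }

# Single-quoted here-string so "$Windows NT$" is not expanded by PowerShell.
@'
[Version]
Signature = "$Windows NT$"

[NewRequest]
; Subject tab: Common Name and Email
Subject = "CN=John Smith, E=johnsmith@yahoo.com"
FriendlyName = "SEVIS batch certificate"
; (No Template) CNG Key, created in the current user's store as in certmgr.msc
ProviderName = "Microsoft Software Key Storage Provider"
MachineKeySet = FALSE
; Private Key tab: 2048-bit key, exportable so it can go into the .PFX later
KeyAlgorithm = RSA
KeyLength = 2048
Exportable = TRUE
; Request format: PKCS #10
RequestType = PKCS10
'@ | Set-Content -Path $inf -Encoding ASCII

# Generate the key pair and write the Base64 request file.
certreq.exe -new $inf $req
if ($LASTEXITCODE -ne 0) { throw "certreq failed with exit code $LASTEXITCODE" }

# Confirm the file is the Base64 form the order form expects.
$lines = @(Get-Content -Path $req | Where-Object { $_.Trim() })
if ($lines[0] -ne '-----BEGIN NEW CERTIFICATE REQUEST-----' -or
    $lines[-1] -ne '-----END NEW CERTIFICATE REQUEST-----') {
    throw "Unexpected request format in $req"
}

# Show the decoded request so subject and key size can be reviewed before submitting.
certutil.exe -dump $req
```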
Validation
- Check your inbox for an email from Sectigo Certification Authority with the subject "Please verify your application," and click the "here" hyperlink in the email.
- Review the Sectigo Certificate Subscriber Agreement. If you accept the terms, check the box and click Submit and Continue.
Download/Installation
- Click the option to return to the client portal to download your certificate.
- Click the My Products and Orders tab and select Download found next to your current certificate order.
- After selecting the option to download, two (2) downloads should appear. Select the single download (e.g. certxxxx.cert) and not the bundle.
- From the Open File window, select the option to Open the file.
- In the certificate window, click Install Certificate.
- In the Certificate Import wizard, select Current User and click Next.
- Under Certificate Store, select the option to "Automatically select the certificate store based on the type of certificate," and click Next.
- Click Finish to import the certificate.
- On the Windows Start screen, type Run to locate the Run application.
- Select certmgr.msc from the drop-down menu and click OK.
- In the MMC Console, in the console tree, expand Certificates > Personal, open the Certificates folder, and right-click on the certificate issued to the email address previously provided.
- Select All Tasks > Export and click Next on the Certificate Export Wizard.
- In the Certificate Export Wizard, select Yes, export the private key, then click Next.
- The only option available for the Export File Format should be Personal Information Exchange - PKCS #12 (.PFX).
- Ensure the options to "Include all certificates in the certification path if possible" and "Enable certificate privacy" are selected, then click Next.
- Check the Password box and create a unique password for the private key, then click Next.
- Click Browse and specify the name of the file to export. Click Next.
- Click Finish to complete the certificate export.
- Upload the exported certificate to the TD Support Team representative in your Batch Renewal ticket along with your unique password created for the file.
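Before the exported file leaves the computer, it can be checked against what the steps above were meant to produce: a private key, a 2048-bit RSA key, and the email address used in the request. This is an added example, not Terra Dotta's or Sectigo's code; the file path and expected email are placeholders.

```powershell
# Added example: sanity-check the exported .PFX before hand-off.
# $PfxPath and $ExpectedEmail are placeholders, not values from the article.
$PfxPath       = 'C:\Certificate\batch-cert.pfx'
$ExpectedEmail = 'johnsmith@yahoo.com'

# Prompt for the export password so it never appears in a script or history.
$Password = Read-Host -AsSecureString -Prompt 'PFX export password'

# A wrong password or a damaged file throws here.
$cert = New-Object -TypeName System.Security.Cryptography.X509Certificates.X509Certificate2 `
                   -ArgumentList $PfxPath, $Password
try {
    $x509  = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]
    $rsa   = $x509::GetRSAPublicKey($cert)   # $null if the key is not RSA
    $email = $cert.GetNameInfo(
        [System.Security.Cryptography.X509Certificates.X509NameType]::EmailName, $false)
    $now   = Get-Date

    $checks = [ordered]@{
        'Private key is included'  = $cert.HasPrivateKey
        'Key is RSA, 2048 bits'    = ($null -ne $rsa -and $rsa.KeySize -eq 2048)
        'Email matches the CSR'    = ($email -eq $ExpectedEmail)
        'Inside validity period'   = ($cert.NotBefore -le $now -and $now -le $cert.NotAfter)
    }

    # Print each check with its result, plus the fields a reviewer would compare.
    $checks.GetEnumerator() | ForEach-Object {
        '{0,-26} {1}' -f $_.Key, $(if ($_.Value) { 'OK' } else { 'FAIL' })
    }
    'Subject:    {0}' -f $cert.Subject
    'Issuer:     {0}' -f $cert.Issuer
    'Expires:    {0:u}' -f $cert.NotAfter
    'Thumbprint: {0}' -f $cert.Thumbprint

    $failed = @($checks.GetEnumerator() | Where-Object { -not $_.Value })
    if ($failed.Count -gt 0) {
        throw ('PFX failed: ' + (($failed | ForEach-Object { $_.Key }) -join '; '))
    }
}
finally {
    # Release the certificate and the temporary key material loaded with it.
    $cert.Reset()
}
```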
Uploading the Modified Batch Certificate to SEVIS
- The SEVIS Batch Certificate must be uploaded by the PDSO and/or RO.
- The SEVIS Batch Certificate must be uploaded to each campus site where batching will be utilized.
- The below instructions are identical for SEVIS Production and SEVIS Beta sites. SEVIS Beta is for Sandbox sites.
- Launch your web browser and navigate to https://egov.ice.gov/sbtsevis/.
- Enter the SEVIS username and password for the PDSO/RO, then click the Login button.
- Click on Main in the top left of the page. Your site may look slightly different than the screenshot example here if you have new messages that appear when you log into SEVIS.
- Click on the hyperlink above the list of your campus sites.
- Click Register for Batch Processing on the left side of the page.
- Click Accept.
- Select all of the campuses to which your certificate applies by holding the Shift key down and clicking each campus.
- Click on the Browse button, navigate to the C:\Certificate folder, select your prepared batch certificate sent to you from Terra Dotta Support that is in .pem format, and click the Open button.
- Click the Upload Certificate button.
- A message will display that says you are successfully registered for batch processing.
- Click Logout in the top left portion of the page.