Keymaker Portal for Policy Network Certificate Requests


Overview

Keymaker generates host-level certificates for department-managed Linux workstations to connect to UMD's policy-driven network (802.1X authentication). This tool is specifically for Linux hosts that are owned by the University but managed by departmental system administrators rather than DIT.

Prerequisites

When to use this service

Step-by-Step Instructions

Step 1: Access the Keymaker Portal

  1. Open the Keymaker Portal.
  2. You will be automatically redirected to UMD's authentication page.

Step 2: Authenticate with Your NetAdmin Account

  1. Important: You must log in with your /netadmin account, not your regular UMD account.
    • Username format: directoryid/netadmin (e.g., jsmith/netadmin)
    • Use your administrative password
  2. Complete two-factor authentication with Duo when prompted.
  3. After successful authentication, you will be redirected back to the Keymaker application.

Step 3: Request a Certificate

You will see a certificate request form with the following fields:

  1. Hostname (Required)
    • Enter the fully-qualified domain name of your Linux host
    • Format: hostname.department.umd.edu
    • Example: workstation01.cs.umd.edu
  2. Department Group (Required)
    • Select your department from the dropdown menu
    • This determines which network resources your host can access
    • Examples: CMSC (Computer Science), ENGR (Engineering), DIT (Division of IT)
  3. Private Key Password (Optional)
    • Enter a password if you wish to RSA encrypt the private key
  4. Click "Request Certificate"

Step 4: Download Your Certificates

Once your request is approved, you will be presented with a download page containing two files:

  1. Public Certificate (hostname.umd.edu-cert.pem)
    • Contains the public certificate signed by the university's certificate authority
    • Can be stored with standard file permissions (readable by users)
  2. Private Key (hostname.umd.edu-key.pem)
    • Contains the private key for the certificate
    • Important: Keep this file secure! Do not share it or store it in publicly accessible locations
    • Should have restricted permissions (readable only by root)

Download both files to a secure location on your local computer.
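
One way to check the two downloaded files before moving them to the host, as an added example that is not part of the original article: it flags a private key that is readable by group or others and confirms that the key belongs to the certificate. It assumes GNU `stat` and the `openssl` command-line tool are installed; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the Keymaker documentation).
# Assumptions: GNU stat, openssl CLI, files named as on the download page.

# key_mode_ok FILE: succeed only if group and others have no permissions.
key_mode_ok() {
    mode=$(stat -c '%a' "$1") || return 2
    case "$mode" in
        0|*00) return 0 ;;   # e.g. 600 or 400
        *)     return 1 ;;   # e.g. 644: readable beyond the owner
    esac
}

# pair_matches CERT KEY: succeed if the public key inside the certificate
# equals the public key derived from the private key. openssl prompts for
# the password if one was set on the request form.
pair_matches() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# check_pair CERT KEY: run both checks, then show subject and expiry.
check_pair() {
    if ! key_mode_ok "$2"; then
        echo "private key is too widely readable; run: chmod 600 $2" >&2
        return 1
    fi
    if ! pair_matches "$1" "$2"; then
        echo "certificate and private key do not belong together" >&2
        return 1
    fi
    openssl x509 -in "$1" -noout -subject -enddate
}

# Usage: sh check_pair.sh hostname.umd.edu-cert.pem hostname.umd.edu-key.pem
if [ "$#" -eq 2 ]; then
    check_pair "$1" "$2"
fi
```
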

Step 5: Configure your workstation

See KB0020362 for instructions on uploading the certificate and private key to the host and configuring the network connection profiles on both RHEL and Ubuntu distributions.