The default setup is using the standard URL as defined by TimeEdit: https://<your_institution>.ascme.nl

The <your_institution> is chosen by the customer and can be the full name or an abbreviation that identifies the institute. The non-production environments will follow a standard naming convention using <your_institution> and an identifier that distinct between the different environments (test, accept, ...).

By using the standard URL TimeEdit will take care of the required certificates and their timely renewal.

‍

In case of a private URL, the customer specifies the URL for the relevant environments that should be accessible. E.g. https://curriculum.<your_insitution>.co.uk, https://studyguide.<your_institution>.nl, https://test.evaluation.<your_institution>.co.uk.

The choice for a private URL requires additional steps during initial configuration and during the lifecycle of the application.

Initial configuration

The initial configuration follows the following steps:

1. TimeEdit will provide the IP addresses of the environments
2. The customer defines a DNS-record with the URLs of choice to the provided IP address(es)
3. TimeEdit will generate and send a key pair with the private key and CSR (Certificate Signing Request) to the customer. This to receive a correct signed certificate that can be used to run using https.
4. The customer request a certificate at their certificate authority using the CSR for all of the environments that will have an own URL, e.g. test, accept and production. The certificate(s) are send to TimeEdit
5. TimeEdit will configure the server(s) to accept the URL and accept http and https request
6. After configuration the setup will be tested and accepted by the customer

Maintenance (renewal of certificates)

The certificates provided by the certificate authority will have a limited validity. Once the validity is expired users will get messages the connection is insecure. To prevent these messages the certificates must be renewed at a regular basis.

The renewal of certificates follows the following steps:

1. Customer detects a certificate will expire in x weeks time.
   It is advised to register certificates and their expiry date, including notification in case the expiry date is near. By using a 2 week notification period, there is time to execute the following steps before the certificate actually expires
2. The customer requests a certificate at their certificate authority using the CSR for all of the environments that will have an own URL, e.g. test, accept and production.
   The certificate(s) are send to TimeEdit, including the validity information
3. TimeEdit will plan the replacement of the certificate(s) based on the validity information
4. TimeEdit will install the new certificate(s)
5. After installation the setup will be tested and accepted by the customer

The renewal of certificates is a matter of arranging timely notification.

When the certificates are requested by the customer IT department, it is advised to addas an additional recipient for the certificate and notifications.

In that case the automatic reminder a certificate requires renewal will also be sent to  TimeEdit support and automatically create a support ticket. Support can download the renewed certificate and plan for the timely installation.

‍