Example of procedure to create a CSR and ask Sectigo-UPdigital for a digital certificate
(worked for JMCruz in 1st semestre 2024/25!)

------8<----
> 2nd - create CSR (certificate signing request)
>     $ openssl req -new -key up209810K-.pem -out up209810Certificate.csr \
>         -subj "/C=PT/L=Porto/O=FEUP/OU=DEI/CN=J. Magalhaes Cruz" \
>         -addext "subjectAltName = email:up209810@up.pt, email:jmcruz@fe.up.pt" \
>         -addext "basicConstraints = critical, CA:false" \
>         -addext "keyUsage = critical, digitalSignature, keyEncipherment" \
>         -addext "extendedKeyUsage = critical, clientAuth, emailProtection"
>
> 3rd - use Sectigo's services
>     https://cert-manager.com/customer/fccn/idp/clientgeant
>         ---> authenticate in U.Porto's AAI
>             up209810@up.pt
>             [
>             Common Name     José Manuel de Magalhães Cruz
>             Display Name     José Manuel De Magalhães Cruz
>             eduPersonEntitlement     urn:mace:terena.org:tcs:personal-user
>             E-mail     jmcruz@fe.up.pt
>             Given name     José Manuel
>             Principal Name     jmcruz@fe.up.pt
>             Home organization (international)     up.pt
>             Surname     De Magalhães Cruz
>             ]
>         ---> Certificate Profile:
>             GÉANT Personal Authentication    (WORKS!)
>                 ---> provides client authentication, enables you to authenticate to e-Infrastructure services
>             GÉANT Personal Automated Authentication    (?)
>             GÉANT Personal email signing and encryption    (DOES NOT WORK!)
>         ---> Term:
>             395 days
>         ---> Enrollment Method:
>             CSR
>         ---> ChooSe file:
>             up209810Certificate.csr
>         ---> cert.pem    (parece inlcuir cadeia com 2 certs; ---> up209810Certificate.pem)
------8<----