University Information Services (UIS) currently supplies certificates issued by QuoVadis Online Security Limited via the Certificate Service operated by Jisc. In the past, certificates issued by Comodo and Thawte have also been available, but these arrangements have been discontinued.
What is available:
- Standard, 'Organisation Validated' (OV) certificates. These are suitable for most applications requiring certificates within the University and are valid for three years. These certificates cost the University about £20.00 each, but at present UIS absorbs that cost and they are issued free of charge.
- 'Extended Validation' (EV) certificates. EV certificates are subject to more rigorous checks before issue, which may give visitors a higher level of assurance when visiting a site. Most browsers indicate a site using an EV certificate by turning the URL bar green. These certificates are only valid for two years. They cost the University the same amount as standard OV certificates, but the shorter lifetime and more frequent renewal make them more expensive in the long run. Their use should be restricted to 'high profile' sites where the higher level of assurance will be relevant to visitors. At present UIS absorbs the cost of EV certificates and they are issued free of charge.
- Wildcard certificates. These are valid for all host names directly inside a single sub-domain - so for example for all possible host names directly in '.department.cam.ac.uk'. These can be convenient, especially when the names of the hosts to be protected are not known in advance, but using them securely on more than one server is difficult, so they must be used with care. Wildcard certificates are valid for two years and a charge of £120.00 (plus VAT at the standard rate for purchases by Colleges and other non-University organisations) is made for them.
If a mistake is made when a certificate is requested, it is sometimes possible for the University to obtain a replacement at no charge. If you need to re-request a certificate, please contact email@example.com for advice before simply requesting an additional certificate in the normal way.
Personal and Code Signing certificates are not currently available under this scheme.
All certificates include the University's name and (optionally) the name of the University unit (department, college, etc.) using them. They also support the 'Subject Alternative Name' (SAN) certificate extension, which allows a single certificate to list multiple server names and so to be valid for multiple servers or virtual hosts (or for one wildcard domain and additional servers or virtual hosts in the case of wildcard certificates). Certificates issued under this scheme contain signatures that use the SHA-2 hash algorithm. All certificates can normally be issued quickly - typically within a working day.
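The coverage rules described above for wildcard certificates and SAN lists, as an added example (not UIS or Jisc code) for checking which host names a planned certificate would actually cover. The SAN list and host names are constructed; the matcher follows the RFC 6125 rule that a wildcard stands for exactly one left-most label, and the requirement of at least two fixed labels after the wildcard is an assumption of this sketch.

```python
# Added example: which host names does a certificate's SAN list cover?
# All names below are constructed for illustration.

def _labels(name):
    """Split a DNS name into lower-cased labels, ignoring a trailing dot."""
    return name.rstrip(".").lower().split(".")

def san_matches(pattern, hostname):
    """True if one SAN dNSName entry covers hostname.

    A wildcard is honoured only as the whole left-most label and stands for
    exactly one label, so it covers hosts directly inside the domain only.
    """
    p, h = _labels(pattern), _labels(hostname)
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        # Assumption: require at least two fixed labels after the wildcard.
        return len(p) >= 3 and "*" not in "".join(p[1:]) and p[1:] == h[1:]
    if any("*" in label for label in p):
        return False  # partial or misplaced wildcards are rejected
    return p == h

def covered_by(san_list, hostname):
    """Return the SAN entries that cover hostname (empty list = not covered)."""
    return [s for s in san_list if san_matches(s, hostname)]

def audit(san_list, hostnames):
    """Map each host name to the SAN entries covering it."""
    return {h: covered_by(san_list, h) for h in hostnames}

# Constructed SAN list: one wildcard domain plus additional named hosts.
SANS = ["*.department.cam.ac.uk", "department.cam.ac.uk", "www.project.example.org"]

HOSTS = [
    "www.department.cam.ac.uk",   # directly inside the wildcard domain
    "WWW.Department.cam.ac.uk",   # DNS names compare case-insensitively
    "department.cam.ac.uk",       # bare domain: needs its own SAN entry
    "a.b.department.cam.ac.uk",   # two labels deep: not covered
    "www.other.cam.ac.uk",        # different sub-domain
    "www.project.example.org",    # additional named host
]

if __name__ == "__main__":
    for host, entries in audit(SANS, HOSTS).items():
        status = "covered by " + ", ".join(entries) if entries else "NOT covered"
        print(f"{host:28} {status}")
```

Running the audit before submitting a request shows whether the bare domain or deeper host names need their own SAN entries.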
Where there is a charge for a certificate, requests will only be processed once a valid purchase order (or other payment authorisation for non-University institutions that don't issue purchase orders) is received by UIS.
At one time some certificates issued by UIS could not be used to secure financial transactions, but this restriction was removed during 2012.
Last updated: April 2016