skip to primary navigationskip to content
 

Eligibility and Restrictions

Certificates can be issued for servers using host names in the cam.ac.uk domain. This includes servers operated by the Colleges and other 'related institutions' of the University, providing they are content to be described within the certificate as being part of the University.

It is possible to issue certificates for host names in other domains, providing these domains are shown in the relevant registries as belonging to the University itself. However this is at University Information Services' (UIS) discretion and additional charges may apply in some cases. Certificates are not available for servers using host names in domains which are not owned by the University (and so not for domains owned by the Colleges or other 'related institutions'). Certificates are not available for servers using host names in unregistered domains such as .local.

Requests for certificates must be made by a recognised representative of the University institution to which the server's host name is assigned. This will normally be either a member of the lookup 'Management Group' for the relevant University institution, or someone with update access to the relevant part of the University's IP Address database. For certificates for host names in non-cam.ac.uk domains, particularly if the relevant server is hosted outside the University, it may be difficult to establish who is authorised to request certificates. Please contact if clarification is required in particular cases.

TLS certificates contain various standardised pieces of information. For certificates issued under this scheme some of these pieces of information must have particular values (see 'Application Process' for details).

The correct operation of TLS depends crucially on the server's private key being available to the server when needed and on it not being disclosed to third parties. Loss of access to the private key makes the corresponding certificate useless, and disclosure of the private key requires that the associated certificate be revoked. In both cases a replacement certificate will probably need to be issued for which a charge may be made. It is therefore important to backup the server's private key (and any associated pass phrase required for access), and to protect the key from disclosure. If private key is lost it is sometimes possible for the University to obtain a replacement certificate at no charge - if you need to re-request a certificate please contact for advice before simply requesting an additional certificate.

Links to the formal documents describing the certificate schemes are available - see 'Related information'.

Last updated: May 2015