skip to content

IT Help and Support

University Information Services
 

How to get TLS certificates for use within the University of Cambridge

What is TLS?

Transport Layer Security (TLS) is a way of securing Internet communications. TLS requires that the server (typically a web server) end of any communication has access to a public/private key pair and a cryptographic certificate linking these keys to the server's identity and to that of its operators. TLS replaced the now-deprecated SSL protocol, but the term SSL is still in everyday use. Many people and devices refer to TLS and SSL interchangeably.

For general use, you need to obtain TLS certificates from a widely trusted source, known as a Certification Authority or CA. The operating systems on computers maintain a list of trusted certificates which help them identify if the certificates they encounter are genuine.

For local use only, it is possible to create a "self-signed certificate" to secure local connections.

How to get a TLS certificate

Free DV certificates from Let's Encrypt

The Information Services Committee (ISC) advocates the use of zero-cost certificates from Let's Encrypt unless enhanced features or network configurations do not allow this. UIS uses and recommends using Let's Encrypt certificates wherever possible.

Let's Encrypt was established by the Internet Security Research Group (ISRG), and is supported by organisations and companies that want a more secure web. Let's Encrypt provides free automated Domain Validation (DV).

The easiest way to get started is to use certbot, a project of the Electronic Freedom Foundation.  

Your website needs to satisfy the following requirements to use certbot,:

    • is visible from outside the CUDN
    • is already online
    • with an open port 80
    • is hosted on a server that you can access with ssh
    • you can sudo on the server.

Once installed, certbot will install your Let's Encrypt certificate correctly and renew it automatically.

OV and EV certificates from Jisc

You can also purchase OV, EV and wildcard certificates from Jisc via our online ordering system. The costs incurred will be re-charged to your institution. You'll need to provide an institutional account code when you complete your order.

The prices are as follows:

Certificate type

Validity

Cost

Organisation Validation (OV) 1 year £20
Extended Validation (EV) 1 year £20
Wildcard certificate 1 year £150

 

Is it worth getting an Extended Validation (EV) certificate?

Web browsers no longer treat EV certificates more favourably than OV certificates, so there is no longer any advantage at all in using them.

 

Last updated: 17 February 2021

UIS Service Desk

UIS Service Status

Phone padded  Service status line: (01223 7)67999
Website  Sign up for SMS/email status alerts
Website  Read major IT incident reports

UIS bITe-size bulletin

A regular newsletter aimed at the University's IT community, highlighting service and project news from UIS.

Sign up >

Latest news

New digital certificate service launched

30 July 2021

We've launched a new digital certificate service, and are now onboarding institutions and IT staff. The new Jisc-based service enables IT staff to create and manage a broader range of certificates (TLS, client and code signing) in minutes and at no cost to their institution. Comparing the old and new certificate services...

Moodle maintenance Tuesday 3 August 07:00-09:00

28 July 2021

The Moodle service will be subject to interruption on Tuesday 3 August 07:00–09:00 due to essential maintenance. While Moodle is unavailable, users will not be able to log in to the Panopto cloud service. Panopto recordings can still be made offline for later upload. If you have any questions, please contact the Moodle...

Internet Explorer 11 will no longer be supported by Microsoft 365 apps and services from 17 August 2021

23 July 2021

Microsoft has announced that from 17 August 2021, all Microsoft 365 apps and services will no longer support Internet Explorer 11 (IE11). This follows Microsoft’s announcement last November that Microsoft Teams would no longer support IE11. After 17 August 2021, you'll have a degraded experience or will be unable to...