skip to content

JISC certificate charges

All certificates are valid for 1 year.

Certificate type Number of domains Cost

Organization Validation (OV)


Extended Validation (EV)

4 or fewer £20
5–9 £40
10–19 £60
20–29 £120
30–49 £160
Wildcard £150*

* If you're applying for a wildcard certificate, obtain a purchase order and email it to .

How to apply

Step 1

Generate a public/private key pair and associated 'PKCS#10 Certificate Signing Request' (CSR). There are some general instructions on how to do this on QuoVadis web site. Keys for use in QuoVadis certificates must be at either 2048 (recommended) or 4096 bits long. Generate an RSA key pair.

To be acceptable under this scheme, the various items of information that can be included in a CSR for a particular type of certificate are either required (sometimes with a fixed value), optional, or prohibited. Requests that do not meet these conditions will be rejected. Items not mentioned here are prohibited.

Certificate field DV Certificate EV Certificate Wildcard Certificate
Country/Region (C): GB
State/Province (ST): optional, if present must be Cambridgeshire
City/Locality (L): optional, if present must be Cambridge
Organization (O): optional, if present must be University of Cambridge
Organizational Unit (OU): optional, see below
Common Name (CN): exactly one host name required, see below exactly one host name required, see below exactly one host name starting '*' required, see below
Subject Alternative Name extension (SAN): optional, up to 49 additional host names, see below optional, up to 9 additional host names, see below optional, up to 9 additional host names, see below
Email address (emailAddress): optional, won't appear in the certificate

The host name or names by which the servers that will use the certificate will be accessed must be included in the request. A single name must be included in the 'Common Name' *(CN) field and additional names may be included in the 'Subject Alternative Name' (SAN) extension field. The names must match the fully qualified host names under which the servers will operate – for a web server these must be the host names that will appear in URLs.

Wildcard certificates must contain a name starting '*.' in the CN, and may contain up to 9 additional names in the SAN extension field. In wildcard certificates, it can often be useful to include the base domain in the SAN, so for example '*' in CN and '' in the SAN.

If present, the Organizational Unit should describe the University institution (department, college, etc.) running the server(s) described in the certificate.

Users of OpenSSL may want to use this configuration file with the 'openssl req' command, or this Python script (run with --help for instructions) to simplify the process. Otherwise, when using 'openssl req' note that you can omit a field without accepting a default by supplying a single dot as the value.

An appropriate CSR looks something like this:


Step 2

Securely back up your private key and any associated pass-phrase. Loss or disclosure of your private key will render any related certificate useless.

Step 3

Visit the TLS certificate administration site and request a new certificate - Raven authentication is required to access this site. Applications will not be accepted unless made by a recognised representative of the University organisation to which the server's host name is assigned.

Step 4

For an OV or EV certification, you will need to provide a cost code for recharging purposes. If the certificate is for a college, add a contact name and college name in the cost code field.

If you're applying for a wildcard certificate, obtain a purchase order and email it to .

You can check the status of your request on the TLS certificate administration site, from where you will also be able to download your certificate when it is ready. Requests for certificates are normally completed in one or two working days - if you don't receive your certificate within this time then please contact .

See 'Installation and deployment' for what to do with your certificate once you've received it and 'Renewal process' for what to do when it eventually expires.


Last updated: April 2019

UIS Service Desk

UIS Service Status

Phone padded  Service status line: (01223 7)67999
Website  Sign up for SMS/email status alerts
Website  Read major IT incident reports

UIS bITe-size bulletin

A regular newsletter aimed at the University's IT community, highlighting service and project news from UIS.

Sign up >

Latest news

Changes to the way you log in to Qualtrics from 28 June

18 June 2021

In order to improve security, the way you log in to your Qualtrics account is changing on 28 June . When you log in, use your username with the format , and your Raven password. If your current Qualtrics username is not in the format , please let us know and we can guide you through the...

University Wireless Service essential maintenance schedule June–July 2021

18 June 2021

The University Wireless Service will be undergoing essential maintenance during June and July. Tuesday 29 June The Wireless Service RADIUS servers will migrate to new servers between 08:00 and 09:00. The change should be seamless, but services supplied by University Wireless, and institutional-proxied connections should be...

Obsolete media formats will be removed from the Streaming Media Service on 24 June

17 June 2021

We need to delete old, unsupported media files from the University’s Streaming Media Service (SMS) because the system is approaching its maximum storage capacity. The original high-quality ‘master’ copies will be retained. Deleting old files will allow adequate space for users to add new uploads and ensure the service continues to run smoothly.