skip to primary navigationskip to content
 

What certificates are available?

University Information Services (UIS) supplies certificates issued by QuoVadis Online Security Limited via the Certificate Service operated by Jisc.

What is available

Standard, 'Organisation Validated' (OV) certificates

These are suitable for most applications requiring certificates within the University and are valid for one year. The charge for these certificates varies according to the number of domains – please see Application process and charges for details. But wherever possible, we recommend that you use free Let's Encrypt certificates instead.

'Extended Validation' (EV) certificates

These are subject to more vigorous checks before issue. Web browsers used to indicate a higher level of trust when they encountered an EV certificate. They no longer do this. These certificates are valid for one year. We discourage their use as they offer no advantages over OV certificates anymore.

Wildcard certificates

These are valid for all hostnames directly inside a single sub-domain – so, for example, for all possible hostnames directly in .department.cam.ac.uk. These can be convenient, mostly when you don't know the hostnames in advance, but using them securely on more than one server is difficult, so please use them with care. Wildcard certificates are valid for one year and cost £150 (plus VAT at the standard rate for purchases by Colleges and other non-University organisations).

If you make a mistake when ordering a certificate, it is sometimes possible for the University to obtain a replacement at no charge. If you need to re-request a certificate, please contact for advice before simply requesting an additional certificate in the usual way.

Personal and Code Signing certificates are not currently available under this scheme.

All certificates include the University's name and (optionally) the department, college, or other institution using them. They also support the 'Subject Alternate Name' (SAN) certificate extension. SANs allow a single certificate to be valid for multiple servers or virtual hosts (or for one wildcard domain and additional servers or virtual hosts in the case of wildcard certificates). Certificates issued under this scheme contain signatures that use the SHA-2 hash algorithm.

We will only process your request once we receive a valid purchase order (or equivalent). It typically takes less than one working day for us to issue a certificate.

At one time, some certificates issued by UIS could not be used to secure financial transactions, but this restriction was removed during 2012.

 

Last updated: 17 February 2021