skip to primary navigationskip to content

Eligibility and restrictions

Certificates can be issued for servers using host names in the domain. This includes servers operated by the Colleges and other 'related institutions' of the University, providing they are content to be described within the certificate as being part of the University.

It is possible to issue certificates for host names in other domains, providing these domains are shown in the relevant registries as belonging to the University itself. However this is at University Information Services' (UIS) discretion and additional charges may apply in some cases. Certificates are not available for servers using host names in domains which are not owned by the University (and so not for domains owned by the Colleges or other 'related institutions'). Certificates are not available for servers using host names in unregistered domains such as .local.

Requests for certificates must be made by a recognised representative of the University institution to which the server's host name is assigned. This will normally be either a member of the lookup 'Management Group' for the relevant University institution, or someone with update access to the relevant part of the University's IP Address database. For certificates for host names in domains, particularly if the relevant server is hosted outside the University, it may be difficult to establish who is authorised to request certificates. Please contact if clarification is required in particular cases.

TLS certificates contain various standardised pieces of information. For certificates issued under this scheme some of these pieces of information must have particular values (see 'Application Process' for details).

The correct operation of TLS depends crucially on the server's private key being available to the server when needed and on it not being disclosed to third parties. Loss of access to the private key makes the corresponding certificate useless, and disclosure of the private key requires that the associated certificate be revoked. In both cases a replacement certificate will probably need to be issued for which a charge may be made. It is therefore important to backup the server's private key (and any associated pass phrase required for access), and to protect the key from disclosure. If private key is lost it is sometimes possible for the University to obtain a replacement certificate at no charge - if you need to re-request a certificate please contact for advice before simply requesting an additional certificate.

Links to the formal documents describing the certificate schemes are available - see 'Related information'.

Last updated: May 2015

UIS Service Status

Phone padded  Service status line: (01223) 463085
Website  Sign up for SMS/email status alerts
Website  Read major IT incident reports

UIS bITe-size bulletin

A regular newsletter aimed at the University's IT community, highlighting service and project news from UIS.

Sign up >  |  Back issues

RSS Feed Latest news

Bug in iOS 14 and iPadOS 14 that affects new VPN configurations

Sep 16, 2020

The latest release of Apple's iPad and iPhone operating systems, due out today, has a bug that requires users to follow a different process when setting up a new VPN configuration. It doesn’t affect existing configurations.

AirGroup functionality expanded on University Wireless Service

Sep 15, 2020

We’ve expanded AirGroup functionality on the University Wireless Service. AirGroup enables personal devices to discover and communicate with each other via Wi-Fi – for example, it allows you to use Airplay from your mobile devices to your Apple TV.

View all news