skip to primary navigationskip to content
 

Eligibility and restrictions

Certificates can be issued for servers using host names in the cam.ac.uk domain. This includes servers operated by the Colleges and other 'related institutions' of the University, providing they are content to be described within the certificate as being part of the University.

It is possible to issue certificates for host names in other domains, providing these domains are shown in the relevant registries as belonging to the University itself. However this is at University Information Services' (UIS) discretion and additional charges may apply in some cases. Certificates are not available for servers using host names in domains which are not owned by the University (and so not for domains owned by the Colleges or other 'related institutions'). Certificates are not available for servers using host names in unregistered domains such as .local.

Requests for certificates must be made by a recognised representative of the University institution to which the server's host name is assigned. This will normally be either a member of the lookup 'Management Group' for the relevant University institution, or someone with update access to the relevant part of the University's IP Address database. For certificates for host names in non-cam.ac.uk domains, particularly if the relevant server is hosted outside the University, it may be difficult to establish who is authorised to request certificates. Please contact if clarification is required in particular cases.

TLS certificates contain various standardised pieces of information. For certificates issued under this scheme some of these pieces of information must have particular values (see 'Application Process' for details).

The correct operation of TLS depends crucially on the server's private key being available to the server when needed and on it not being disclosed to third parties. Loss of access to the private key makes the corresponding certificate useless, and disclosure of the private key requires that the associated certificate be revoked. In both cases a replacement certificate will probably need to be issued for which a charge may be made. It is therefore important to backup the server's private key (and any associated pass phrase required for access), and to protect the key from disclosure. If private key is lost it is sometimes possible for the University to obtain a replacement certificate at no charge - if you need to re-request a certificate please contact for advice before simply requesting an additional certificate.

Links to the formal documents describing the certificate schemes are available - see 'Related information'.

Last updated: May 2015

UIS Service Status

Phone padded  Service status line: (01223) 463085
Website  Sign up for SMS/email status alerts
Website  Read major IT incident reports

UIS bITe-size bulletin


A regular newsletter aimed at the University's IT community, highlighting service and project news from UIS.

Sign up >  |  Back issues

RSS Feed Latest news

Retirement of UIS Windows Software Update Service (WSUS) on 30 June

Jun 26, 2020

We need to accelerate our original plan and fully decommission the Windows Software Update Service (WSUS) server on 30 June, rather than the 1 September, due to security concerns and the need to prioritise our resources to support the University.

The University Card Service will reopen with a limited service on Wednesday 1 July

Jun 25, 2020

The University Card Service is preparing to reopen on Wednesday 1 July, following the easing of lockdown restrictions.

View all news