skip to content

IT Help and Support

University Information Services

How to get TLS certificates for use within the University of Cambridge

What is TLS?

Transport Layer Security (TLS) is a way of securing Internet communications. TLS requires that the server (typically a web server) end of any communication has access to a public/private key pair and a cryptographic certificate linking these keys to the server's identity and to that of its operators. Clients (typically web browsers) need to be configured to 'trust' the entity that signed this certificate.

If the server and clients are controlled by the same people then certificates can be created locally, but in general they need to be signed by an organisation that clients are pre-configured to trust. In practice this means dealing with one of several commercial 'Certification Authorities' (CAs).

How to get a TLS certificate

Free DV certificates from Let's Encrypt

The Information Services Committee advocates the use of zero-cost certificates from Let's Encrypt, unless enhanced features or network configurations do not allow this.

Let's Encrypt was established by the Internet Security Research Group (ISRG), and is supported by organisations and companies that want a more secure web. Let's Encrypt provides free automated Domain Validation (DV) and wildcard certificates. DV certificates don't provide the same level of validation as Organization Validation (OV) and Extended Validation (EV).

OV and EV certificates from Jisc

You can also purchase OV, EV and wildcard certificates from Jisc via our online ordering system. The costs incurred will be re-charged to your institution. You'll need to provide an institutional account code when you complete your order.

Jisc's prices are as follows:

  • Organization Validation (OV) certificate for 2 years: £20
  • Extended Validation (EV) certificate for 2 years: £20
  • Wildcard certificate for 3 years: £150


All Certificate Authorities were required to stop issuing 2-year TLS/SSL certificates from 1 September 2020. The industry-allowed maximum validity period is now 1 year (398 days). Existing 2-year certificates will be honoured to their end date.

Further information

 Certificates and website security

 About Let's Encrypt

 How Let's Encrypt domain validation works

UIS Service Desk

UIS Service Status

Phone padded  Service status line: (01223 7)67999
Website  Sign up for SMS/email status alerts
Website  Read major IT incident reports

UIS bITe-size bulletin

A regular newsletter aimed at the University's IT community, highlighting service and project news from UIS.

Sign up >

Latest news

University Wireless Service maintenance: Tuesday 21 September, 08:00–09:00

16 September 2021

The University Wireless Service will be undergoing essential maintenance between 08:00 and 09.00 on Tuesday 21 September while we apply a security software patch. This is a security update to ClearPass, which provides Wireless Service network access control. We're not expecting any disruption to service, but it should be...

Mailing list migrations from Mailman to Sympa

31 August 2021

We intend to migrate all remaining lists associated with colleges from Mailman to Sympa during the week commencing 13 September 2020. The current total is 1,567. How this will affect users of the mailing list management service Most mailing list subscribers shouldn't notice any difference. During the switchover, there will...

Managed Zone Service closedown and migration to Mythic Beasts

24 August 2021

The Managed Zone Service (MZS) is being shut down, and its data content migrated to a commercial provider, Mythic Beasts. There will be no interruption to the service, but MZS users in institutions will need to make arrangements to retain management access to their zones. What is changing? UIS set up the MZS many years ago...