This page contains information about how to apply for a certificate to protect your service.
If you are a web server administrator or someone who is managing a service that requires an X.509 certificate, you may submit a certificate request to us and we will sign it with the University Certificate Authority (CA or root) certificate. Your users will then be able to use your secured service without having to go through the manual process of installing your certificate.
There are four different types of certificate that you can use. They are as follows:
Self-certification is easy for the system administrator: the certificate signs itself, so the administrator can install it quickly without waiting for a certificate authority to sign it. However, users will be challenged to refuse or accept the certificate the first time they use the site. You would typically use these just for development or testing. This doesn't require any certificate authority.
A University-signed certificate is one you apply for from Information Services. It is very similar to the self-signed certificate, except that if the user has gone through the one-off acceptance of the University of Edinburgh Certificate Authority certificate, they will not be prompted to accept your new one. Internally facing web services, and the authentication between your web service and the EASE authentication service, use these certificates. Public facing websites may also use these, though this will generate browser warnings if the University CA certificate has not been pre-loaded into the user's browser.
JANET(UK), the UK academic network body, have made available certificates signed by Comodo for the academic community. Browsers already know about these, so users will not be prompted to accept them. Certificates are issued free of charge for one, two or three year periods, but they must not be used for commercial or financial purposes. All certificates previously issued by Globalsign under the old JANET(UK) service will remain valid until their expiry date, so no immediate action needs to be taken by people using such certificates.
Verisign, Globalsign and others are commercial certificate authorities similar to Comodo, but without the restrictions on use that apply to the JANET certificate service. These authorities charge for issuing certificates, but you may use them for any purpose.
To apply for a certificate to be signed by a certificate authority, you need to create a certificate signing request (CSR). Creating it generates a private key file and the CSR. You send the CSR to the authority; they sign it and return the signed certificate, which is the public part, to you. The private key file stays with you and is not sent to the authority.
This guidance page describes the process of creating a valid certificate signing request (CSR) for submitting to be signed by any certificate authority.
To apply for a University certificate or a Comodo certificate from the JANET Certificate Service, complete the following form. You will need to provide a Certificate Signing Request (CSR).
On submission to the certificate authority, the certificate request will be checked for validity. Assuming it is OK, the certificate will be signed and emailed back to you. Comodo certificates will come in a zip file containing your signed certificate and three other certificates. These other certificates are needed to validate your certificate and should be included in the certificate chain file or certificate authority directory of the software you are using. A University-signed certificate will not come with the equivalent certificate authority certificate for validation, but this can be downloaded from this website by following the link to the pages for installing the University CA certificate.
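The following shell functions use the openssl command-line tool to create the private key and CSR described above, check the CSR before it is submitted, and confirm that a certificate returned by the authority belongs to your private key. This is an added example, not the University's own procedure; the host name, subject fields, file names and function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the original page. Host name and subject fields are
# constructed placeholders; use the values your certificate authority asks for.

# make_csr <common-name> <key-file> <csr-file>
make_csr() {
    # Create the private key readable by its owner only; it is never sent to the CA.
    ( umask 077 && openssl genrsa -out "$2" 2048 2>/dev/null ) || return 1
    openssl req -new -sha256 -key "$2" -out "$3" \
        -subj "/C=GB/O=Example Organisation/CN=$1" 2>/dev/null
}

# pubkey_digest key|csr|crt <file>: SHA-256 of the PEM public key held in <file>.
# Fails (rather than hashing nothing) if the file is missing or unreadable.
pubkey_digest() {
    pem=$(case "$1" in
        (key) openssl pkey -in "$2" -pubout ;;
        (csr) openssl req  -in "$2" -noout -pubkey ;;
        (crt) openssl x509 -in "$2" -noout -pubkey ;;
        (*)   false ;;
    esac 2>/dev/null) || return 1
    [ -n "$pem" ] || return 1
    printf '%s\n' "$pem" | openssl dgst -sha256
}

# same_key <type-a> <file-a> <type-b> <file-b>: true if both hold the same public key.
# Use "same_key key server.key crt server.crt" on the certificate the CA sends back.
same_key() {
    a=$(pubkey_digest "$1" "$2") && b=$(pubkey_digest "$3" "$4") && [ "$a" = "$b" ]
}

# check_csr <key-file> <csr-file>: run before submitting the request.
check_csr() {
    # The CSR's self-signature must verify, and it must carry our key's public half.
    openssl req -in "$2" -noout -verify 2>&1 | grep -q "verify OK" || return 1
    same_key key "$1" csr "$2"
}

# Demonstration in a throwaway directory.
dir=$(mktemp -d)
make_csr www.example.org "$dir/server.key" "$dir/server.csr"
if check_csr "$dir/server.key" "$dir/server.csr"; then
    echo "CSR is well formed and matches the private key:"
    openssl req -in "$dir/server.csr" -noout -subject
fi
rm -rf "$dir"
```
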
To apply for a commercial certificate contact the Certificate Authority directly. For example:
This article was published on Nov 28, 2012