This page contains information about how to apply for a certificate to protect your service.
If you are a web server administrator or someone who is managing a service that requires an X.509 certificate, you may submit a certificate request to us and we will sign it with the University Certificate Authority (CA or root) certificate. Your users will then be able to use your secured service without having to go through the manual process of installing your certificate.
There are four different types of certificate that you can use. They are as follows:
Self-certification is easy to do for the system administrator as it means that the certificate signs itself and the administrator can install the certificate quickly without waiting for a certificate authority to sign it. However, users will be challenged to refuse or accept the certificate the first time they use the site. You would typically uses these just for development or testing. This doesn't require any certificate authority.
You apply for one from Information Services and then it is very similar to the self-signed certificate except that if the user has gone through the one-off acceptance of the University of Edinburgh Certificate Authority certificate, they will not be prompted to accept your new one. Internally facing web services, and the authentication between your web service and the EASE authentication service use these certificates. Public facing websites may also use these though this will generate browser warnings if the University CA certificate has not been pre-loaded into the user's browser.
JANET(UK), the UK academic network body, have made available certificates signed by Comodo for the academic community. Browsers already know about these and so will not be prompted to accept them. Certificates are issued free of charge for one, two or three year periods, but they must not be used for commercial or financial purposes. All certificates previously issued by Globalsign under the old JANET(UK) service will remain valid until their expiry date. So no immediate action needs to be taken by people using such certificates.
Verisign, Globalsign and other Certificate Authorities are other certification authorities similar to Comodo, but without the restrictions on use of the JANET certificate service. These authorities charge for issuing certificates but you may use them for any purpose.
To apply for a certificate to be signed by a certificate authority you need to create a certificate signing request (CSR). This will generate a private key file and the CSR. You send the CSR to the authority, they sign it and return the public key part of the certificate to you.
This guidance page describes the process of creating a valid certificate signing request (CSR) for submitting to be signed by any certificate authority.
To apply for a University certificate or a Comodo certificate from the JANET Certificate Service complete the following form. You will need to provide a Certificate Signing Request (CSR).
On submission of the certificate request to the certificate authority the certificate request will be checked for validity. Assuming it is ok, the certificate will be signed and emailed back to you. Comodo certificates will come in a zip file containing your signed certificate and three other certificates. These other certificates are needed to validate your certificate and should be included in your certficate chain file or certificate authority directory of the software you are using. A university signed certificate will not come with the equivalent certificate authority certificate for validation but this can be downloaded from this website by following the link to the pages for installing the university CA certificate.
To apply for a commercial certificate contact the Certificate Authority directly. For example:
This article was published on Nov 11, 2013