Certificate Service

Last updated: 
4 days 12 hours ago
Group Manager

Welcome to the Jisc Certificate Service group.

The service offers a number of different X509 SSL certificates, including Extended Validation certificates that give users the highest possible assurance, as well as S/MIME email certificates for digitally signing emails. Jisc has an agreement with the Certificate Authority, QuoVadis who is the provider of the certificates.

The service has been running since 2006 and has issued many thousands of certificates to organisations in UK research and education.

This is a Community group where users can obtain relevant information, receive service updates and provide feedback.

Article

With regards to our update in September regarding the underscores in domain names for SSL certificates, The CAB Forum has now clarified their position:

 “All certificates containing an underscore character in any dNSName entry and having a validity period of more than 30 days MUST be revoked prior to January 15, 2019.

After April 30, 2019, underscore characters (“_”) MUST NOT be present in dNSName entries.”

We will be adding the underscore character to the list of invalid characters very soon to stop these any future requests going through.

Article

The use of underscore characters in dnsNames is not allowed in Internet standards but has historically been treated as a gray area when used in the SAN field of TLS/SSL certificates.  Most CAs are disallowing this issuance following discussion in the CA/Browser Forum.

We have  previously issued browser-trusted TLS/SSL certificates that include dnsNames with underscore characters in the SAN fields.

Article

WE ENCOURAGE CUSTOMERS TO VALIDATE DOMAINS IN ADVANCE TO AVOID POSSIBLE LENGTHY DELAYS IN PROCESSING CERTIFICATE REQUESTS

Q1) What is the change?

From 1 August, new industry regulation states that Certificate Authorities (CAs) must no longer rely on checking a public WHOIS record to validate domain ownership. Instead, customers requesting a certificate must demonstrate a ‘positive interaction’ to show they have control over/ownership of the domain to be used in a certificate.

Article

Change to Certificate Service – from 1st March 2018

Q1) What is the change in the maximum duration of certificates?

    A) The maximum duration will be limited to 2 years, currently this is 3 years.

Q2) What certificates are affected?

    A) Only medium assurance Organisation Validated (OV) certificates. High assurance Extended Validation (EV) and Wildcard  certificates are already limited to 2 years.

Q3) Who is driving this change?

Article

We're pleased to announce that from today the service can provide end user certificates, which are used for digitally signing and encrypting emails. These are called S/MIME (Secure/Multipurpose Internet Mail Extensions) certificates.

S/MIME are installed on email clients which then enable the end user to send digitally signed emails, giving recipients assurances that the email originated from the sender's account. By signing emails, recipients can also have confidence that the contents of the email has been been altered in transit.

Document

The change to the number of credits required for certificates with 5 or more domains takes effect from 5 September 2017. The cost of Mixed certificate credit bundles will remain unchanged.

The only changes are as follows:

Document

The change to the number of credits required for certificates with 5 or more domains take effect from 5 September 2017. The cost of Mixed certificate credit bundles will remain unchanged.

The only changes are as follows:

Article

The following certificates can be obtained through the Jisc Certificate Service's web app, found in the App Centre here:

The service provides Extended Validation (EV) server certificates S/MIME end user for digitally signing emails for high, both of which offer users the highest possible assurance. Business/Organisation Validated (OV) and Wildcard (of OV type) certificates are also available.

-----

All certificates issued are SHA-256.

-----

Article

For all FAQs please click on the header link 'Charging FAQs'

Jisc Certificate Service – charging update 24.04.2013 - 10 new points:

1. Why is the date for charging being moved?

Prev | Next