Last updated: 
2 months 3 weeks ago
Group Manager
Welcome to the Jisc Certificate Service group. The service offers a number of different X509 SSL certificates, including Extended Validation certificates that give users the highest possible assurance, as well as S/MIME email certificates for digitally signing emails. Jisc has an agreement with the Certificate Authority, QuoVadis who is the provider of the certificates. The service has been running since 2006 and has issued many thousands of certificates to organisations in UK research and education. This is a Community group where users can obtain relevant information, receive service updates and provide feedback.

Service Announcements

14 October 2014 at 12:13pm

Availability of SHA-256 certificates: 14 October 2014
We’re pleased to announce an agreement has been reached between TERENA and Comodo which will enable customers to obtain SHA-256 certificates. This is available with immediate effect and all certificates obtained from the service will be by default SHA-256.

As a result of the deprecation of SHA-1 certificates expiring in 2017 by the all the major web browsers, all customers who obtained 3-year certificates in 2014 are advised to replace them over the next few months. To help make this process easier for you, we are automatically crediting affected accounts to enable the replacement of these certificates at no cost.

We apologise for any inconvenience that this issue has caused our customers and thank you for your patience.

If you have any questions or queries, please contact the Janet Service Desk on : 0300 300 2212 or email certificates@ja.net

Update: 23 September 2014

Jisc has been informed by TERENA that all 3 year SHA-1 certificates obtained from 23 September 2014 will now have an expiry date of 31 December 2016. We are working with TERENA and Comodo to provide a solution to SHA-1 certificates following the announcement by Google that will result in the minimum impact for all Janet Certificate Service customers. We apologise for any inconvenience and thank you for your patience.

If you have any questions or queries, please contact the Janet Service Desk on 0300 300 2212 or email: service@ja.net

Update: 18 September 2014

SHA-1

You may have read a statement in an online developer forum by Ryan Sleevi, senior software engineer at Google regarding the safety of SHA-1 web certificates. In light of this announcement, Jisc is working with partners and industry providers to provide a combined solution that will result in a minimum amount of disruption and continued safety for all Janet Certificate Service customers.

If you have any questions or queries, please contact the Janet Service Desk on 0300 300 2212 or email: service@ja.net

Update: 29 August 2014

Janet is currently going through an exercise to procure the Certificate Authority to sign and issue SSL certificates in the next installment of the Janet Certificate Service. We are in the final stages and in the coming few weeks hope to announce the chosen supplier with service launch planned in the first half of 2015. Once an announcement is made we would like to encourage input and feedback from customers on what you'd like to see in a new service e.g. additional types of certificates.

Update: 8 April 2014

Those affected by the OpenSSL vulnerability are also advised to replace the SSL certificate on affected servers and create a new private key. If you are affected Janet will refund you the certificate credit used to obtain the new replacement certificate.

Once you have applied the latest OpenSSL patch, obtained and installed a new SSL certificate in the usual way, you should revoke the old certificate (through your JCS account, as described here). Once you have revoked the certificate please advise the Janet Service Desk certificates@ja.net and your Certificate Service account will be re-credited.

The Janet News article can be found here

https://www.ja.net/about-janet/news/free-janet-certificates-those-affected-openssl-heartbleed-bug

Update: 3 June 2013

The new JCS web app is now available here on the Janet Community website, from the App Centre.

All JCS accounts are now accessible through the app. New features includes the ability to request EV and wildcard certificates, purchase bundles of certificate credits and, importantly, organisations can now manage their list of authorised users online.

For further information about managing users visit the Library pages here.

Update: 24 April 2013

Further to feedback from the community about how purchasing bundles of different types of certificates at variable costs will complicate your budgeting processes, Janet will instead introduce a fee of £35 per certificate, offering additional reduced certificate costs when purchasing bundles.
 
To reduce the need to accurately predict the size of certificate bundle required, Janet has extended the validity period of bundles from 12 to 24 months from the date of purchase.

As a result of these changes the announced charging date of 1 May 2013 has now been adjusted to 3 June 2013. This means you have an additional five weeks to obtain new certificates without charge.

Update: 15 January 2013

As of 1 February 2013, Comodo will be introducing an additional step to authenticate new Organisation Validated and Extended Validation certificate requests. The process to issue you with a certificate may now take up to five working days. For more information, visit https://community.ja.net/library/janet-services-documentation/comodo-callback-process.

Update: 16 May 2012

Following a number of high profile security breaches at several Certificate Authorities (CA) in recent years, popular web browsers from Mozilla, Microsoft and Google have called for improved security measures to be implemented prior to SSL certificates being issued.

In May 2011, Janet announced that the industry is introducing an additional security feature called Domain Control Validation (DCV) which will reduce the risk of Certificate Authorities issuing certificates to unverified users.

On 30 May 2012, the Janet DCV process will be integrated into the Certificate Service. DCV is an email challenge-response mechanism that verifies that the SSL certificate requester owns/controls the domain to be included in the certificate.

WHAT DOES THIS MEAN FOR YOU?

The certificate requester will be asked to select one address listed in the Registrant Contact (reg-c) field of the domain's WHOIS record, or from the list of five generic email addresses below:

admin@
administrator@
hostmaster@
postmaster@
webmaster@

You will receive an email with a unique code that you will need to enter into a webpage, before Comodo issues your certificate.

This process increases security around the issuance of SSL certificates and as this process is automated customers will find that certificates will be issued much quicker than currently.

NEXT STEPS

Time to get ready - if you are due to apply for new certificates after 30 May 2012, you may need to clarify which generic email address can be used to receive the codes within your organisation.

Please note that this change will only apply to applications for new certificates. Existing certificates will not be affected by this change.

For further information, including the list of generic email addresses, please visit:

https://community.ja.net/library/janet-services-documentation/domain-control-validation-dcv-process

or email the Janet Service Desk with any questions, at certificates@ja.net