Help Page

Download as PDFDownload as PDF

Managing Users:

There are three types of users to the Sectigo Certificate Management Portal: 

  • MRAO – Management Registered Authority Officer: This is for Jisc employees who manage the whole Jisc Certificate Service on behalf of the customers. 
  • RAO – Registered Authority Officer: This is for any customers to use. A RAO will have access across the whole portal for their specific organisation. 
  • DRAO – Departmental Registered Authority Officer: This is for users that have been set up in a department under the main organisation. This user will have a specific view that is set up for that department.  

To get set up as an RAO or DRAO, you will need to speak to a user of the portal who already has access.  

As a user, you can set up users by following the video, ‘Adding a User’. 

In short, you will need to login to the Sectigo Certificate Management Portal > settings > select green plus icon button in right hand corner > follow on screen instructions. 

If you would like to be set up as an IdP user, then you will need to be set up as a normal user, then another RAO user will need to select your account, then select ‘Send IdP Invitation’. 

Subscriptions:

Using the below subscription model, one certificate is tallied against your usage class, regardless of the certificate type of how many SANs you may use. 

*The price for Jisc members is available to any organisation that pays a Jisc subscription or has a Janet Network connection. If you are unsure, you can get in touch with us at certificates@jisc.ac.uk.  

What happens if I have issued all my certificates in my usage class? 

You will need to upgrade to the next usage class. Do not worry, you will not be charged the full price, but instead you will be charged in relation to how many days are left of your subscription. Get in touch with the certificates team to assist you with the upgrade.  

How long does a subscription last? 

A subscription lasts for one year. Renewal emails are sent out to all RAO’s three months in advance with a renewal link which requires a PO number. This is necessary for invoicing purposes.  

What if I fail to renew my subscription on time? 

The certificate team gets a notification and will automatically renew your subscription for you. They will then get in touch and request a PO number to process the cost of the subscription as an invoice. If no communication is received within a month, then the subscription can be suspended, and certificates cannot be requested.  

I’m trying to renew via the link from the renewal email, but it is not working? 

This is most likely due to the renewal already being processed by another RAO user in your organisation. If you are unsure, please do get in touch with the certificate team.  

When the 90 Day change comes into effect, will the current subscription model change? 

The subscription model is currently being reviewed and once a decision has been made, this will be communicated to all our users of the certificate portal.  

Request Certificates:

You can request certificates via multiple methods: 

  • Manual Requests on Sectigo Certificate Management Portal. 
  • Via Enrollment forms.  
  • Via an automated protocol such as ACME. 

Manual Requests:  

To request a certificate on the SCM portal, you must have the following: 

  • A validated organisation. 
  • A validated domain. 
  • An EV anchor if requesting an EV certificate.  

When requesting your certificate, it will not allow you to submit the request if the above are not in place. Please follow the ‘requesting a certificate’ video. 

Via Enrollment Forms: 

To set up an enrollment form on the SCM portal, you will need to go to Enrollment > Enrollment Forms > Select the green plus icon. You can follow our requesting an S/MIME through an enrollment form video as an example.  

ACME: 

ACME = Automated Certificate Management Environment 

It is a protocol that automates interactions between certificate authorities and organisation’s servers, allowing the automated deployment of OV and EV SSL certificates. To read more about ACME and how to use it, take a look at our ACME Blog

Request Client (S/MIMEs) Certificates:

Client certificates are used for digitally signing emails. You can request an S/MIME via an enrolment form. Following the video ‘Requesting a SMIME through an Enrolment Form’, you will be able to request a Client Certificate. Your organisation may already have an Enrolment Form set up, so you can skip this step.  

Revoking Certificates:

Certificates can be revoked at any time. However, if you would not like it to count from your subscription, then you will need to revoke it within 14 days of the certificate being issued. 

You can revoke the certificate by selecting the certificate and then selecting the ‘revoke’ button. Once revoked, this certificate will no longer be active.   

Viewing all Certificate Requests:

You can view all your certificate requests by logging into the Sectigo Certificate Management Portal, go to SSL Certificates and you will be able to filter the view to show what you need.  

Last Updated 14/10/2024