Introduction

Security or digital certificates provide a mechanism to permit end users to establish secure communication channels with the owner (subject) of the certificate. Such certificates can be issued to a variety of subjects but are most typically used by servers to secure web services as part of the HTTPS protocol - a TLS/SSL server certificateLink opens in a new window.

For anyone requiring a TLS/SSL server certificate, it is recommended in the first instance, to consider using a free and automated renewal service, such as Let's EncryptLink opens in a new window. It should be noted that the Let's Encrypt service does require the associated web server to be directly accessible from the Internet (be in public IP address space).

There are many situations where it is not possible or appropriate to implement automated certificates services. In these cases, the ITS Security Certificate Service can be utilised.

Obtaining Security Certificates

At the present time we only offer TLS/SSL server certificates. Requests for new or replacements certificates can be made through Service Now using this form. The types of server certificate available are listed on the request form.

• Each certificate must have a separate request.
• You must provide a valid CSRLink opens in a new window (Certificate Signing Request) with the request.
• Requests are typically actioned within a day of receipt.
• Only staff members can request certificates.
• You will be sent an email once the certificate is available.
• There is no cost for the use of this service.

Security Certificate Download

The email sent to you contains several separate links to download the certificate in a variety of different formats. In most situations you should use:

Certificate only, PEM Link opens in a new windowencoded

The issuing CA root and intermediate certificates can also be downloaded from links in the same email. In most situations you should use:

Root/Intermediate(s) only, PEM encoded