Secure Server Certificates
What is a Secure Server Certificate?
A secure server certificate (not to be confused with a personal certificate) is a digital certificate issued to a Web server by a trusted certification service known as a Certificate Authority (CA). A server certificate verifies the organization's identity to the client so that the client can securely browse the organization's Web site confident that:
- the website belongs to said organization (not an imposter), and
- transactions between the server and client are encrypted.
A protocol known as Secure Sockets Layer (SSL) is most commonly used to encrypt information sent across the Internet. Secure server certificates allow Web servers to establish SSL sessions with Web browsers.
How to Get a Secure Server Certificate
As of fall 2010, ITS is making commercial SSL server certificates for any UVA-owned domain available at no cost to university departments. (Previously, ITS offered SSL server certificates from www.pki.virginia.edu that were free but not trusted outside of UVA. The commercial SSL server certificates are trusted globally.) All servers in the virginia.edu domain qualify for this service, as do servers in other domains which have been purchased by UVA departments or groups. Certificates for servers in domains other than virginia.edu will take longer to obtain, as UVA must first request approval to include the domain in the InCommon Certificate Service as a UVA domain, before we may get certificates for the domain.
The InCommon Federation, operated by Internet2, is an organization created by and for the higher education community. The mission of the InCommon Federation is to support a framework of trustworthy access to online education and research resources. InCommon is partnering with Comodo CA Ltd., a major commercial Certificate Authority and member of Internet2, to offer this certificate service. Comodo certificates are widely trusted by all common Web browsers.
The InCommon Certificate Service leverages the buying power of InCommon and Internet2 to provide a cost-effective commercial SSL certificate service to its members. The service provides campus members with an unlimited number of SSL certificates for a fixed annual fee. ITS elected to fund the membership fee centrally, effectively making SSL server certificates free to departments for any domain name owned by the university.
ITS encourages the use of Comodo/InCommon server certificates. Secure server certificates from other commercial certificate services (such as VeriSign, GeoTrust, etc.) may still be used as long as the department funds all of the associated costs to obtain a non-InCommon certificate.
To request a secure SSL server certificate for your Web server, make a service request through the Service Portal.