Digital Certificates

These pages are produced and maintained by the ITS CSOL Certificates Team.  If you have any questions, please send an email to

cert_questions@utlists.utexas.edu
.

May 4th, 2026

Certificates issued on or after this date begin using the new chain for InCommon TLS certificates, while certificates issued before that date keep using the old chain until they expire. Please see https://cloud.wikis.utexas.edu/wiki/spaces/digitalcertificates/pages/39223978

Certificate Lifespan to move to a 47-day lifecycle in 2029.  

image.png

Even before that date, the lifecycle period shortens:

  • IN EFFECT March 15, 2026: Maximum certificate lifespan reduced to 200 days

  • March 15, 2027: Further reduction to 100 days

  • March 15, 2029: Final enforcement of the 47-day maximum lifespan

AUTOMATION is a MUST!!   The digital certificates team is here to help!

NO ONE should be replacing certificates manually! You should have this process happening through self-implemented automation or proprietary application based automation process.
MONITOR: You should monitor certificates expiration dates! Plenty of internal tools to assist with that task, as well as internet tools for externally hosted servers and hists.

Button | Mosaic

What is a Digital Certificate?

In the broadest terms, a digital certificate is block of cryptographic text that is used in many functions such as securing data transport or ensuring the identity or authenticity of sender or provider of information.  Digital Certificates come a variety of types and formats to support various functions.

Button | Mosaic

Certificate Type

Description / Explanation

Certificate Type

Description / Explanation

Button | Mosaic

 

SSL or Secure Socket Layer and TLS (Transport Layer Security) certificates come in a private and public key pair.    With this combination of keys, a web browser (client) that connects to a server can:

  • Authenticate the identity of the server (a website, a domain name, server name or host name)

  • Encrypts the data in transit between client and server.

In web browsers, an established encrypted/secure connection will present as a padlock in the URL bar of the browser along with starting string of "https://".

Renewing Certificates

Looking to renew a certificate or update an existing one to extend it or make changes?   Take a look here.

Button | Mosaic

Client Certificates or Digital IDs are used to identify one user to another, a user to a machine, or a machine to another machine. One common example is digitally signing emails, where the sender digitally signs the communication, and the recipient verifies the signature.  Client certificates authenticates the sender and the recipient.

Client certificates also take the form of two-factor authentication when the user needs to access a protected database or arrives at the gateway to a payment portal, where they’ll be expected to enter their passwords and be subjected to further verification.

Button | Mosaic
how-code-signing-certificate-work.jpg

Code Signing Certificates are used to digitally sign software or files that are downloaded over the internet.  The files are signed by the developer/publisher of the software. Their purpose is to guarantee that the software or file is genuine and comes from the publisher it claims to belong. They’re especially useful for publishers who distribute their software for download through third-party sites. Code signing certificates also act as a proof that the file hasn’t been tampered with since download.

Information, Knowledge, and Technical Articles
What to know more?  Want to get into the specifics of certificates, cryptography, and security?   This section is the library or knowledge base of information.

Button | Mosaic

Page Index