(DC) SSL Certificates
Certificates and private keys should be transmitted securely via the ticketing system, or UT . Private Keys, if downloaded or shared, MUST be transmitted via . DO NOT place private keys within email or send as email attachments. DO NOT disclose private keys to anyone not involved with the service. A private key that is compromised must be completely recreated to avoid serious security issues as a result.
Should the automation scripts or service administrators need to make announcements, they will use the group email address that is associated with a specific certificate. Please ensure that any changes to group email addresses are communicated via ticket to the certificate team so certificates can be updated.
For a tongue and cheek explanation of SSL certificate, comparing them to painted art and toilet paper.. |
Table of Contents
Looking to renew a certificate or update an existing one to extend it or make changes? Take a look here.
ITS-Managed Domain Certificate Requests
Tickets are required for new certificate requests, renewals or revocation.
Please do not engage via email or Teams chat before a ticket is opened.
What do I need to fulfill a certificate request?
Please refer to (DC) What to include in a request
Requesting a Certificate
SSL Certificates for servers and applications for the austin.utexas.edu or other ITS-managed (its.utexas.edu, cc.utexas.edu, etc.) domains, please use the following:
Preferred | |
Alternative |
Non-ITS Domain Certificate Requests
has a partnership with InCommon delegating SSL certificate creation to authorized departmental TSCs at no added cost. Our InCommon license entitles the university to an unlimited number of SSL certificates. Department TSC managers can be provided with a Department Registration Authority Officer (DRAO) account to manage their SSL certificates.
The TSC manager for a respective campus department can send their request for a DRAO account to (opens an ISO Ticket).The request email should include:
Subject: InCommon DRAO Request
|
New Domains (top-level or otherwise)
Campus units wanting to add new domains to their InCommon portfolio can generally self-provision these as needed. The ISO will need to approve them as they are requested.Top-level domains (e.g., ) will require a few extra steps. Once the ISO has submitted a request for this top-level domain, InCommon will reach out to the registered WHOIS contact with a request that they add a simple DNS entry to demonstrate they are in command of the name space. Once this has been done, InCommon will approve the domain and certificates can start to be issued for it.
Please feel free to send any questions you might have to .
Extended Validation (EV) Certificates
ISO in cooperation with UT Legal Affairs, Extended Validation (EV) certificates are available for servers. More information describing what an EV certificate is and when it might be used can be found at .
If you already have an InCommon DRAO request setup, you can select the EV cert option during the certificate request process.
InCommon/Comodo requires the Chief Information Security Officer to speak with them via telephone prior to approving each EV certificate request. As such, the turnaround time could be a bit slower than you are normally used to, so please plan ahead. Please feel free to send any questions you might have to .
SSL Certificate Explained
SSL is a security protocol that binds your server with encryption for online communication. In 1994, Netscape invented SSL to offer security to data transition. It establishes a secure connection between the visitor’s web browser and web server, allows a transition of information without fear of eavesdropping, data theft, message forgery. When SSL is enabled on the website, it changes website URL from http to https. An extra “S” ensures that the website is secured with robust encryption and safe for online transactions. To enable SSL on the website, a web server needs an SSL certificate issued by a certificate authority.
For example, if a visitor on a website transmitting confidential information like credit card, debit card data, or internet banking, the website must have an SSL certificate to encrypt the passing information. If the website is not secured by SSL, no one is going to trust it.
SSL is a boon for website that performs online transactions or has login page. SSL helps to enhance ROI of a business by winning the assurance of visitors and customers. When a website owner makes a request for an SSL certificate, the CA (certificate authority) affirms the details of an organization and issue an SSL certificate. Email servers, web-based applications, and server-to-server communications can be secured with SSL.