Resources
SSL Server Certificates
The Security Office is offering a service whereby owners of production UI web servers with requirements for enhanced security can obtain an SSL (Secure Sockets Layer) certificate at substantial savings to the owning department. The certificates are not free, but will be available at a reduced cost.
Please review the following guidelines for determining when a web server may need the added security provided by SSL, and a description of what an SSL certificate provides.
The certificate service is being managed by Thawte, a division of Verisign. The SSL Server Certificates being offered by the Security Office dynamically provide 40-bit, 56-bit, and 128-bit encryption, depending on the capability of the web server and web browser being used.
The basic steps for obtaining and installing an SSL server certificate are:
1. Generate a certificate signing request (CSR) on the server. Thawte provides the following instructions for generating a CSR on various servers.
2. The CSR is submitted to the IT Security Office through this web site, supplying UI-specific information. You MUST use the following UI instructions to ensure you supply the correct information!
3. The certificate request is verified and approved by the IT Security Office. The request will be issued to Thawte on your behalf.
4. Thawte issues a pending certificate status and sends a e-mail notice to the requester. Your certificate will be available for downloading from the Thawte status site when this is complete.
5. The certificate is generated, and downloaded to the web server. Upon receipt of the certificate, you install/enable it on the server, and configure the server to use it.
6. The ITS Software Office will bill your department for your portion of the cost of the certificate.
If you have any questions about this process, please contact the IT Security Office at 5-6332. Billing inquiries should be made to the UI Software Office at 5-6069.