
Certificate Services
Secure web servers use the Secure Sockets Layer (SSL) protocol to provide assurance that web servers are legitimate and that the conversation is encrypted to prevent network eavesdropping. In order to run a secure web server, system administrators must obtain a digital certificate that is signed by an external third party (a certificate authority). This process is similar in concept to obtaining a notarized document. Verisign is one firm offering digital certificates.
To obtain better service from Verisign for SSL server certificates, and aware that many servers were each going through a very manual purchasing process, University IT has pre-purchased certificates in bulk via Verisign's OnSite for Server IDs service. This significantly streamlines the approval process associated with obtaining server certificates. Those of you who have been through it know how tedious and slow it is.
These certificates are for SSL web service only -- they are not suitable for individuals or for becoming a Certificate Authority ourselves. In public-key parlance, we are now a Registration Authority (we validate the requests; the signing is still done by Verisign).
Frequently Asked Questions
- What is the difference between getting a certificate here, compared to buying directly from Verisign (or any other certificate vendor)?
- Visit the Verisign OnSite Enrollment page for University of Rochester.
- Follow the directions there for generating a Certificate Signing Request (CSR) and uploading it to Verisign. They include instructions for Microsoft IIS and Netscape servers. For more detailed information (more screen shots, etc) that also covers other server platforms (e.g. Apache), use Verisign's CSR page. (Note: During the CSR generation, you will have generated your private key, which Verisign never sees. Make sure you have a backup copy -- neither UR nor Verisign can recover it if it's lost.)
- At that point, Verisign waits for University IT staff to approve the request, after which you will receive the certificate by email.
- If you have any questions anywhere in the process, send email to: certificate-questions@infosec.rochester.edu. (Note this address is offered on the Verisign enrollment page.)
You'll need to provide an account number for a charge of $600 (2-year cert) or $300 (1-year cert). Most people have been using a -2290 subcode. You can provide it on the Verisign web page, or send it by email within a few days.
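An added example of the CSR step above for OpenSSL-based servers such as Apache; it is not taken from the Verisign or University instructions, and the hostname, subject fields, file names and 2048-bit RSA key size are assumptions. It generates the private key and CSR locally, then confirms that the CSR carries no private key material and that a backup copy of the key matches the CSR before anything is uploaded.

```shell
#!/bin/sh
# Added example (not from the enrollment page). Placeholder names throughout.

# make_csr DIR HOST: create DIR/HOST.key (private key) and DIR/HOST.csr (request).
make_csr() {
    dir=$1; host=$2
    ( umask 077   # keep the private key unreadable to other local users
      openssl req -new -newkey rsa:2048 -nodes \
          -keyout "$dir/$host.key" -out "$dir/$host.csr" \
          -subj "/C=US/ST=New York/O=Example University/CN=$host" 2>/dev/null )
}

# SHA-256 of the public key embedded in a CSR.
csr_pub_digest() {
    openssl req -in "$1" -noout -pubkey 2>/dev/null |
        openssl dgst -sha256 | awk '{print $NF}'
}

# SHA-256 of the public key derived from a private key file.
key_pub_digest() {
    openssl pkey -in "$1" -pubout 2>/dev/null |
        openssl dgst -sha256 | awk '{print $NF}'
}

# csr_matches_key CSR KEY: succeeds only if KEY is the key behind CSR.
# Run this against the backup copy, since a lost key cannot be recovered.
csr_matches_key() {
    a=$(csr_pub_digest "$1"); b=$(key_pub_digest "$2")
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# csr_is_public_only CSR: the file sent to the CA must hold no private key.
csr_is_public_only() {
    grep -q "BEGIN CERTIFICATE REQUEST" "$1" && ! grep -q "PRIVATE KEY" "$1"
}

# Demonstration in a scratch directory (constructed hostname).
work=$(mktemp -d)
make_csr "$work" www.example.edu
cp -p "$work/www.example.edu.key" "$work/backup.key"   # stand-in for an offline backup
if csr_is_public_only "$work/www.example.edu.csr" &&
   csr_matches_key "$work/www.example.edu.csr" "$work/backup.key"; then
    echo "CSR ready to upload; backup key verified"
fi
rm -rf "$work"
```

Only the `.csr` file is uploaded; the `.key` file and its backup stay on systems you control.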