Create and manage a range of digital certificates for websites, code signing and other applications.
This service provides free digital certificates. You may wish to use in cases where a certificate from Let’s Encrypt wouldn’t be appropriate for your application. Other digital certificate providers are available. If you would like advice on which certificate would be best for your situation, please don’t hesitate to contact us.
Benefits
- Certificates are free
- Create your own certificates in minutes in your account at Sectigo Certificate Manager
- Choose from a wide range of certificates including TLS/SSL, client and code signing
- Automatic renewal and automatic renewal and installation via ACME where applicable
How to get an account with Sectigo Certificate Manager
To register your institution, complete the form on our self-service portal. You can also navigate to form by visiting the portal at https://uniofcam.saasiteu.com. Browse for 'Certificates: Add New Institution'.
You'll need to provide:
- the name of your institution
- the top-level domains you wish to create certificates for
- the CRSids of all IT staff who will need to create and manage certificates.
If you add a domain outside the main university domain (cam.ac.uk), you will need to prove that you control it. We'll provide you with a CNAME entry that you'll need to add to the DNS for the domain. The Certificate Manager will scan your DNS hourly looking for this entry and will approve the domain when it finds it. This process is called Domain Control Validation (DCV).
We will contact you when we have created your account.
How to manage your account
You can add new domains, and add and delete users, on your account by completing the appropriate form on the self-service portal:
You can also navigate to these forms by visiting the portal at https://uniofcam.saasiteu.com and browsing for them. Each one is prefixed with 'Certificates:'.
How to create and manage your certificates
Find out how to manage your certificate.
How to request a certificate for domains external to cam.ac.uk
We strongly recommend using Let's Encrypt for external domains because you'll avoid unnecessary work and annual revalidation of your domain.
All-in-one hosting services such as Squarespace or Wix may not support certificates other than the ones those services provide. You must have control of your DNS and the ability to create a CNAME record pointing to an external domain. Not all hosting services allow this.
To request a certificate for an external domain, complete the Add a new domain form on UIS' self-service portal.
Domain Control Validation (DCV)
You'll need to insert a CNAME record that we'll supply into the DNS for your domain to prove that you control it. When the certificate manager finds this record, it will allow you to create certificates. Here's a sample of what we will give you, using an example domain:
_11cf2a82c33b85f17a07cf09a564ac6c.example.com. CNAME 1d4ddc9fdd82efe3a40ea3d09ac53f3b.7c6e9c73c7c00fe732332b713310f4a5.sectigo.com.
The bold part of the first line is the alias and the second line is the canonical name.
To add this to your zone file for example.com, add this entry (all on one line):
_11cf2a82c33b85f17a07cf09a564ac6c IN CNAME 1d4ddc9fdd82efe3a40ea3d09ac53f3b.7c6e9c73c7c00fe732332b713310f4a5.sectigo.com.
If you manage your DNS with a GUI of some sort, you'll need to follow its documentation. In either case, it's essential that:
- the record type is CNAME
- the alias begins with the leading underscore
- the canonical name ends with the final dot.
After the new record has had time to propagate, you should check it using a web-based DNS service to look it up or nslookup on the command line. For example:
nslookup -type=cname _11cf2a82c33b85f17a07cf09a564ac6c.example.com.
Once your CNAME is set up and visible, your domain should be validated within an hour, and you will then be able to create certificates.
How long it takes for a certificate to be issued
OV certificates should take just a few minutes. If you experience a delay, contact us and we'll investigate. EV certificates will take longer because they need to be manually approved (see How to choose between EV or OV).