SSL Certificates


Acquiring SSL Certificates for Hosts in the "ucsb.edu" Domain

ATTENTION: If you maintain a server that uses an SSL certificate with a SHA-1 signature, you may need to obtain a new certificate to keep web browsers from displaying certificate warnings about weak encryption. Many SSL certificates in use today are signed by a Certificate Authority (CA) using the SHA-1 algorithm. This includes all certificates issued to UCSB by InCommon prior to October 1, 2014. Applications other than web servers may also be affected. Read "Transition to InCommon SSL certificates signed with SHA-2" for details.

NOTE: This process is only applicable to certificates for hosts with a name ending in "ucsb.edu". No other domains are approved for this process. Please read all the following information before submitting a Certificate Signing Request (CSR).

The following SSL certificate types are available for ucsb.edu domains through our Enterprise agreement with InCommon: Standard, Wildcard, and Subject Alternative Name (SAN, or multi-domain). There is no charge to departments for use of these certificates.

The following steps apply to new and renewal certificates:

  1. Generate a Certificate Signing Request (CSR). For instructions, select your server type on the Comodo Knowledgebase CSR Generation page.
    1. Note that the "Organization Name" must be "University of California, Santa Barbara" (note the comma after "California"), and the "Common Name" must end with "ucsb.edu".
    2. Use a 2048-bit or larger key when generating the CSR. Anything shorter will be rejected. Those requesting a certificate renewal using an existing CSR should verify the key length is at least 2048 bits.
  2. Fill out the SSL Certificate Request Form.
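
The CSR requirements in step 1 can be checked before submitting the form. The script below is an added example, not part of the original page or of InCommon's or Comodo's instructions; it assumes the OpenSSL command-line tool, and the hostname, file paths and the C/ST/L subject values are constructed for illustration.

```shell
#!/bin/sh
# Added example: hostname, paths and C/ST/L values are constructed assumptions.
ORG='University of California, Santa Barbara'

# make_csr KEY CSR CN [BITS]: new RSA key (default 2048 bits) plus a CSR for CN.
make_csr() {
    openssl req -new -newkey "rsa:${4:-2048}" -nodes -keyout "$1" -out "$2" \
        -subj "/C=US/ST=California/L=Santa Barbara/O=$ORG/CN=$3" 2>/dev/null
}

# csr_field CSR FIELD: print one subject attribute (e.g. commonName).
csr_field() {
    openssl req -in "$1" -noout -subject -nameopt multiline 2>/dev/null |
        sed -n "s/^ *$2 *= //p"
}

# csr_bits CSR: print the public key size in bits.
csr_bits() {
    openssl req -in "$1" -noout -text 2>/dev/null |
        sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p'
}

# check_csr CSR: return 0 only if the CSR meets all three requirements.
check_csr() {
    bits=$(csr_bits "$1"); org=$(csr_field "$1" organizationName)
    cn=$(csr_field "$1" commonName); rc=0
    [ "${bits:-0}" -ge 2048 ] || { echo "key is ${bits:-?} bits, need >= 2048"; rc=1; }
    [ "$org" = "$ORG" ] || { echo "Organization Name is '$org'"; rc=1; }
    case "$cn" in
        ucsb.edu|*.ucsb.edu) ;;   # require a label boundary before ucsb.edu
        *) echo "Common Name '$cn' is not under ucsb.edu"; rc=1 ;;
    esac
    return $rc
}

# Demo with a constructed hostname; files go to a temporary directory.
demo_dir=$(mktemp -d)
make_csr "$demo_dir/host.key" "$demo_dir/host.csr" www.example.ucsb.edu &&
    check_csr "$demo_dir/host.csr" && echo "CSR ready to submit"
rm -rf "$demo_dir"
```

For a renewal, run `check_csr` against the existing CSR file to confirm the key length before reusing it.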