A security certificate:
- identifies an individual or website, as asserted by a certificate authority (an organisation that certifies ownership)
- assures visitors to your website that your business is legitimate and your website is secure
- is sometimes referred to as a digital certificate, or a SSL certificate
- is often called a personal certificate (if it is issued to an individual rather than an organisation)
The Information Security Office issues security certificates for secure web servers in the otago.ac.nz domain. These security certificates:
- are obtained via AusCERT and validated by Comodo
- are free and valid for three years
- must not be used for payment processing
If you require certificates for non-Otago domains, or certified by different Certificate Authorities, these will be provided at cost.
Personal Certificates (i.e. S/MIME) are not issued at present. If you are interested in obtaining a personal certificate, please contact the Information Security Office.
Security certificates are requested from the Information Security Office. You will need to:
- generate a private key– a file containing the key(s) used for activities such as sending or accessing secure web sites. Keep this safe and do not send it to anyone, and
- create a Certificate Signing Request (CSR) – a file sent to the certificate authority (CA) for validation. Please send this to the Information Security Office, and include information on your server software so the correct response can be provided. The key length should be at least 2048 bits
Please contact the Information Security Office if you have further questions about security certificates.