SSL Certificates

HTTPS must be used to secure the transfer of sensitive data such as personal information or usernames/passwords between your web server and your users' browsers. It also allows your users to verify that they are talking to your server and not an imposter.

A private key and valid SSL certificate need to be installed on your web server for it to properly support HTTPS.

The underlying protocol that secures HTTPS is called Transport Layer Security (TLS). Previous (now insecure) versions of TLS were called SSL.

The term SSL is still used in some places to describe what is actually now TLS.

UCD IT Services, through HEAnet and Terena, can supply server certficates signed by DigiCert Inc. These server certificates are free of charge and are for "educational and research" use only. They should not be used to secure commercial transactions such as those involving credit cards.

A server certificate is  valid for only three years and must be renewed and replaced before it expires to ensure continued security of your system.

How to obtain a free SSL certificate

A Certificate Signing Request (CSR) must first be generated on your server. This CSR can then be sent to IT Services who will generate your SSL certificate for you for free.

Detailed steps for generating the CSR for your server can be found here.

You will need to provide some Certificate Information relating to your server, organisation, location and the level of security required. Ensure that your Common Name includes the full hostname - the '.ucd.ie' must be included. The supported CSR key sizes are 2048 or 4096 bits.

 

Common Name Your server hostname, e.g. ourwebserver.ucd.ie
Organisation University College Dublin
Organisational Unit IT Services
City / Location Dublin
State / Province Dublin
Country code IE
Key size 2048 (or 4096 if required)

 

E-mail your .csr file and your Certificate Information to ithelpdesk@ucd.ie and state that you need an SSL certificate generated. You will receive a .zip file containing your .crt certificate file (named based on the common name you specified), the intermediate certificate named DigiCertCA.crt and some instruction text files.

To install and start using the SSL certificate, please see here for instructions on how to install the certificate on common platforms and operating systems.You can then test that your certificate is correctly installed by using the DigiCert SSL Installation Diagnostics Tool located here.

Please note that a certificate is only one aspect in securing a server. Please see IT Services Security page here for further tips and reccomendations.