Skip to main content

Cornell University

IT@Cornell

SSL Server Certificate

Screen showing https for secure login

Use secure connections on your web server

SSL Certificates link an encrypted key to an organization’s identity. When installed on a web server, the certificate activates the https protocol, shows the padlock, and allows secure connections between the server and the browser.  This helps protect user privacy and data integrity.

The IT Security Office offers no-cost SSL server certificates through the InCommon Digital Certificate service. The service is contracted through Comodo

What are the benefits of an SSL certificate?

  • User privacy and data integrity: data is encrypted as it moves over the network. It cannot be easily intercepted or altered.
  • Strong assurance of server authenticity: the certificate is signed by Comodo's certificate authority, which is one of a limited number of certificate authorities automatically trusted by major browsers.

When should I use an SSL certificate?

You should use an SSL certificate in any of the following cases.

  • Services that require users to authenticate.
  • Services that display or ask the user to provide any of the following types of data.
    • Protected by federal or state legislation (for example: medical histories, personal financial data, student visa status, social security numbers)
    • Sensitive or confidential (for example: University budgets, physical security infrastructure documents, vendor contracts)
  • When the ability to confirm the authenticity of the server is a requirement. For example, in a limited development environment a self-signed certificate may be acceptable. The corresponding production service, however, may require the assurance of a certificate signed by a globally-recognized certificate authority.

What types of certificates are available?

  • InCommon SSL: Single domain certificate.
  • InCommon Multi-Domain: Secures up to 100 different domain names on a single certificate.
  • InCommon Code Signing: Certificate-based digital signature used to sign executables and scripts in order to verify the author's identity. Ensure the code hasn't been changed or corrupted after signing by author.
  • InCommon Unified Communications Certificate (UCC): Secures multiple fully-qualified domains on a single certificate. Specifically designed for use with Microsoft Exchange and Microsoft Office Communications servers.
  • (Coming soon) EV SSL Certificate: Extended Validation certificates provide the highest levels of encryption, security, and trust. Immediately reassure site visitors that it is safe to conduct online transactions by turning the address bar green on next generation browsers.
  • InCommon WildCard SSL: Secures the domain and unlimited sub-domains of that domain.

All certificates are available in one or two year terms.

For more details about each certificate type, see the Types of Certificates page.

Request a Certificate 

Use the SSL Certificate Request Form for:

  • Single domain certificates
  • Multiple domain certificates
  • Unified communications certificates 

For the other certificate types, contact the IT Service Desk

Important: Contact the IT Service Desk to revoke a certificate if:
  • The server is compromised.
  • The private key is compromised or lost
  • Your passphrase is compromised or lost.

Support Contact:

Cornell IT Service Desk

Normal Business Hours: Monday-Friday, 8am-6pm (Eastern Time)
Open a ticket (24x7 support)
Emergency Service Disruptions: After Hours Support

Comments?

To share feedback about this page or request support, log in with your NetID

At Cornell we value your privacy. To view
our university's privacy practices, including
information use and third parties, visit University Privacy.