Skip to main content

Questions About SSL Certificates

Frequently asked questions about SSL certificates, such as cost, lists of certificates, responsibilities, verification and Apache installation.

This article applies to: SSL Server Certificate


What do I do if my certificate is compromised?

Important: Contact the IT Service Desk  to revoke a certificate if:
  • The server is compromised.
  • The private key is compromised or lost.
  • Your passphrase is compromised or lost.

Are There Any Fees and/or Billing for SSL?

There is no cost to Cornell departments for SSL Server Certificates.

Can I see a list of the certificates issues to me?

For a list of certificates issued to you, contact the IT Service Desk.

We can send the list for any date range you specify so be sure to include that information. Please allow 2-3 business days to receive this report.

What are my responsibilities?

  • When you create the Certificate Signing Request (CSR) a private key and pass phrase are generated. Make a backup of this private key and choose a pass phrase you will remember.
  • You must contact the IT Service Desk to revoke a certificate if:
    • The server is compromised
    • The private key is compromised or lost
    • Your pass phrase is compromised or lost
  • Certificates are issued for one year, two years or three years at your choice. You are responsible for taking action upon receipt of a renewal notification.
  • If your application is accepting credit cards for financial transactions, you must work with the Office of Cash Management. Refer to University Policy 3.17, Accepting Credit Cards to Conduct University Business.

How do I verify the SSL installation?

Use the Comodo SSL Analyzer tool.

How do I install my certificate on Apache with mod_ssl?

  1. You will need to download two files from the email you received when your ssl certificate was created. Use the link for the Certificate (not the intermediate and root certificates) in Base64 encoded format, and the link for "X509 Intermediates/root only, Base64 encoded." The links in your email are labeled:
    • as X509 Certificate only, Base64 encoded
    • as X509 Intermediates/root only, Base64 encoded
  2. Then follow steps 2-5 in this procedure on the Comodo site: https://support.comodo.com/index.php?/Default/Knowledgebase/Article/View/637/0/certificate-installation-apache--mod_ssl

Was this page helpful?

Your feedback helps improve the site.

Comments?