Skip to main content

Cornell University

Questions About SSL Certificates

Frequently asked questions about SSL certificates, such as cost, lists of certificates, responsibilities, verification and Apache installation.

This article applies to: SSL Server Certificate

On This Page

What do I do if my certificate is compromised?

Important: Contact the IT Service Desk to revoke a certificate if:
  • The server is compromised.
  • The private key is compromised or lost.
  • Your passphrase is compromised or lost.

Are There Any Fees and/or Billing for SSL?

There is no cost to Cornell departments for SSL Server Certificates.

Can I see a list of the certificates issues to me?

For a list of certificates issued to you, contact the IT Service Desk.

We can send the list for any date range you specify so be sure to include that information. Please allow 2-3 business days to receive this report.

What are my responsibilities?

  • When you create the Certificate Signing Request (CSR) a private key and pass phrase are generated. Make a backup of this private key and choose a pass phrase you will remember.
  • You must contact the IT Service Desk to revoke a certificate if:
    • The server is compromised
    • The private key is compromised or lost
    • Your pass phrase is compromised or lost
  • Certificates are issued for one year. You are responsible for taking action upon receipt of a renewal notification.
  • If your application is accepting credit cards for financial transactions, you must work with the Office of Cash Management. Refer to University Policy 3.17, Accepting Credit Cards to Conduct University Business.

How do I verify the SSL installation?

Use the Comodo SSL Analyzer tool. Fill in Server Hostname partway down the page, then click Check.

How do I install my certificate on Apache with mod_ssl?

  1. You will need to download two files from the email you received when your ssl certificate was created. Use the link for the Certificate (not the intermediate and root certificates) in Base64 encoded format, and the link for "X509 Intermediates/root only, Base64 encoded." The links in your email are labeled:
    • as X509 Certificate only, Base64 encoded
    • as X509 Intermediates/root only, Base64 encoded
  2. Then follow steps 2-5 in this procedure on the Comodo site.

Support Contact:

Cornell IT Service Desk

Normal Business Hours: Monday-Friday, 8am-6pm (Eastern Time)
Emergency Service Disruptions: After Hours Support

Comments?

To share feedback about this page or request support, log in with your NetID

At Cornell we value your privacy. To view
our university's privacy practices, including
information use and third parties, visit University Privacy.