HOME
| UTORprotect |
DOCUMENTATION
|
AMS/ROSI
|
SERVICES
|
CONTACT
Services
spacer

TLS Server Digital Certificate Purchase Service

***Heartbleed Certificate Replacement***

Replacements for existing Comodo certificates are available at no charge if ordered from this service. Keys must be regenerated. Send new CSR to security.admin@utoronto.ca with the FQDN specified in the body of the email. Do not use this form for replacements due to 'heartbleed' issue. When you have completed the installation ofyour replacement certificate, notify security.admin@utoronto.ca - in the email body enter: revoke FQDN. We will then initiate revocation of the replaced certificate.

The Information Security group of I+TS facilitates the purchase of Comodo Group TLS (formerly known as SSL) Certificate products for University server administrators. This service provides advantages over purchasing direct from a commercial Certificate Authority:

  • the site validation process for the utoronto.ca or toronto.edu domains is completed.
  • significant cost reduction.
  • the Information Security group in I+TS adds a departmental contact vetting process to ensure authorization to use server certificates (see note for more details below).
  • notification of imminent cert expiry is provided at least two weeks before the expiry date.

 

Products

The following certificate products are available for order. Single server certificates can be ordered using the form below - all other products need to be ordered via email to security.admin "at" utoronto.ca.

  1. Server certificates: these are used to protect one domain name. Note that all of these certs include 'www. ' as well as the fully qualified domain name specified. A single certificate can be used with unlimited logical or physical servers. Use the form below to order server certificates.

  2. Wildcard certificates: these are used to protect a range of domain names under a single domain level. eg. '*.mysubnet.utoronto.ca'. It does not include the single name 'mysubnet.utoronto.ca'. Contact security.admin "at" utoronto.ca for information and pricing.

  3. Multi-domain certificates: these are used to protect a range of domain names with no restriction. Contact security.admin " at" utoronto.ca for information and pricing.

Note for I+TS orders: All cert purchases must be approved at the director/manager level. Use Billing Contact field below to enter director/manager approver name.

Note on certificate issuance verification: The certificate issuance validation feature that is provided with this service adds an extra degree of assurance for site administrators and end users. Before cert orders are processed, the site administrator authorization is vetted by checking the authoritative /etc/networks file. If the admin is not present in that database, they are requested to have someone who is validate the request. Note that this may delay the issuance of the the certificate.

Site users can be assured of this validation process when they see the Comodo cert on a University website. This is a step above how a commercial CA handles validation for low cost products - such CAs compare the requestor with the owner of the domain name only. This has minimal effectiveness since spammers obtain domain names.

 

Price List

Comodo InstantSSL Server Certificate

Validation Term (yrs) Unit Price ($)
1 40
2 75
3 100

 

Order Form

Chargeback Information
 
Billing Contact*
Billing Contact Email*
Billing Contact Telephone*
Technical Contact Email (if not the same as Billing Contact Email)
Department/Faculty*
   
Billing Information*

Fund Centre

Cost Centre

Acct. No.

 

 
Certificate Information
 

Certificate Signing Request (CSR)

Ensure the Common Name (CN) in your CSR is your server's fully qualified domain name (eg. myserver.mydepartment.utoronto.ca).

The minimum keysize for SSL/TLS server certs is 2048 bits. The Organization field must be set to 'University of Toronto' (no quotes). When renewing a certificate, you must always generate a new keypair - do not try to use the existing keypair.Click here for more instructions to generate a CSR.

Copy CSR into the text area below*.

   
Enter server software used to generate CSR.*
   
Term of Certificate*:
2 yr. 3 yr.
   
*: Required information  
   

 

 

 

©2011 - University of Toronto Information + Technology Services, All Rights Reserved.