Services - Secure Sockets Layer (SSL)

SSL technology is the industry-standard method for protecting Web communications. The SSL security protocol provides data encryption, server authentication, message integrity, and optional client authentication for a TCP/IP connection. Because SSL is built into all major browsers and Web servers, simply installing a digital certificate turns on their SSL capabilities. By convention, URLs that require an SSL connection start with https: instead of http: .   UCit provides a for-fee commercial offering (hotlink to topic below) service using GeoTrust and a free in-house offering (Hotlink to topic below) for both server and personal certificates.  For questions on either of these two offerings, please e-mail Information Security (mainsec@uc.edu).

Using SSL is a method of ensuring compliance with the policy on student privacy as specified by the Family Educational Rights and Privacy Act of 1974 (FERPA). If your site captures or sends personal information, such as social security numbers or home addresses, you will want to secure that site with SSL.

People won't transact business at a Web site unless they are certain it is secure. They need to know your University service is real and that their communications with you are private. At the same time, you need to protect your electronic communications against improper access

The University of Cincinnati has chosen GeoTrust as the provider of external server certificates. All GeoTrust certificates enable up to 256-bit encryption and can be used to secure servers used for Web sites, intranets, extranets and other online applications. For additional information, please visit the GeoTrust website and choose the Solutions link for Education.

Information Security acts in the role of Registration Authority (RA). This is an authority in a network that verifies a person's requests for a digital certificate and tells the Certificate Authority (CA - GeoTrust) to issue it. Since the RA has an established trusted relationship with the CA, the turnaround time is much faster than a person buying a certificate directly from the CA.

The UC cost for a 1 year new and or renewal certificate is $175.

The UC cost for a 2 year new or renewal certificate is $300.

If you know your budget number, you may provide it in the Comments section of the Certificate Signing Request (CSR).

To request an SSL certificate at UC, you must be a full-time UC employee and follow the steps below:

1. To begin the process, if you don’t already have one, request a static IP and a domain name (common name) for your Web Server from the UCit Network Operations Center. Web server administrators must ensure the common name has been approved by the Web Advisory Committee. Also, on the same form, you will need to request that port 443 is open for SSL for any application that will be accessed from outside of the UC Intranet. It is the responsibility of the requestor to ensure the UCit Network Operations Center has opened port 443, if needed. To access the form required to begin this process, go to: UCit's Request Static IP Address form
2. Next, go to the GeoTrust link for UC and follow the steps given to generate and submit the Certificate Signing Request (CSR).

For questions, please e-mail Information Security at (mainsec@uc.edu).

In-house certificates will be used when the server or Web site is internal to UC and the consumers of the website service are University faculty, staff, or students. Also, individuals can apply for a personal certificate for authentication, encryption and non-repudiation.

With the In-House offering, UCit is the CA (certificate authority) and Information Security is the RA (registration authority).

In-house server certificates are provided by UCit free of charge and can be requested through UCit’s online ordering system, GETit

In-house personal SSL certificates are provided by UCit free of charge and can be requested through UCit’s online ordering system, GETit

Contact Information Security at (mainsec@uc.edu)