Please note this service will be changing!
As of 1 August 2018, all domains will need to be validated using one of the following methods:
- The domain owner adds a random number (provided by Jisc through emPSN) to the TXT field of the domain’s DNS record.
- Respond to an email (sent by Jisc) to the registrant contact email address registered against the domain.
Once a domain has been validated it will remain so for 13 months, so you do not have to do this every time you submit a certificate request. If you are looking at certificates and would like to validate in advance please email us on – Certificate@empsn.org.uk – otherwise we will validate during the issue process.
This is a change of industry regulation outside of emPSN control.
In partnership with Janet, emPSN are able to offer SSL Certificates which are Organisation Validated (OV). OV certificates are typically used for standard HTTPS/SSL type services supplied with a Common Name CN. OV certificates can also have multiple Subject Alternative Names SANs, permitting use of multiple named systems. emPSN are able to obtain OV certificates from Janet on your behalf on the basis that the domains being used are registered in the schools name, or the schools organisational name.
Extended Validation (EV) certificates, Unified Communications (UC) and Wildcard (*.Domain) are available from the Janet service but at present these are not available to schools. Although Wildcard certificates are not available, certificates with multiple Subject Alternative Names (SANs) can be supplied with OV certificates.
There is a cost of £75 for a certificate but we can issue them for either 1 or 2 year (3 year certs were only available until 28th Feb 2018) duration for the same price, providing a discount of almost 80% to that of the commercial market. As of September 2017 there will be a supplementary charge for SANs dependant on the number of names used, the new rates are as follows:
- £75 for certificates with 4 or less domains (maximum 1 CN + 3 SANs)
- £111 for certificates with 5 but less than 10 domains (max 1 CN + 8 SANs)
- £183 for certificates with 10 but less than 20 domains (max 1 CN + 18 SANs)
- £242 for certificates with 20 but less than 30 domains (max 1 CN + 28 SANs)
- £314 credits for certificates with 30 up to 50 domains (max 1 CN + 49 SANs)
What is an Organisation Validated Certificate
At a glance
- Displays certificate owners’ legal name to visitors
- Supports up 49 additional domains in SAN fields
- Can be used in Microsoft’s unified communications environments, including Exchange
- Certificate duration for one or two years
These certificates provide single domain and multi-domain SSL encryption. They offer high-level protection of 128/256 bit encryption and are 2048-bit ready, securing the certificate for several years.
These certificates are organisation validated (OV) which means that the organisation to which this certificate has been issued to has been verified as a legal organisation.
How can I use this service
To use the service we will require you to supply the following information:
- A purchase order reference for the certificate.
- A certificate request in the form of a CSR file or a copy of the CSR information – if you are unsure how to do this information and help is available here – https://support.comodo.com/index.php and search for ‘CSR Generation’
- The details of the device or application the certificate is for including the version.
- The details of the route you would like to use to validate your domain either:
- The domain owner adding a random number (provided by emPSN/Jisc) to the TXT field of the domains DNS record.
- OR The domain registrant contact email address responds to an email (sent by JISC).
- The admin email address to be used for issuing the certificates, pick from the list below. When the certificate is due to expire, the certificate service will issue a reminder to indicate expiry is near.
To produce the certificate emPSN also need :
- to know the type of certificate you need and the duration 1 or 2 years.
- the school name and number as it is provided in the DNS whois record held at Nominet which should be the same as that held at EduBase.
- the name of the person at the school who can be emailed by Janet to confirm that emPSN can request the certificate on the schools behalf. The school will also receive a Domain Name Validation email to which they need to respond
- and a PO from the school to emPSN
How can I get some help
The link to the Janet website for more information on certificate types is https://community.ja.net/library/janet-services-documentation/certificate-types and there are different lead times depending on which certificate you choose.
Creating Certificate Requests (CSR) – if you are unsure how to do this information and help is available here – https://support.comodo.com/index.php and search for ‘CSR Generation’
To contact emPSN about purchasing a certificate please email Certificate@empsn.org.uk
Changes to this service
From the 1st March 2018, certificates will only be issued for up to 2 years.
From the 1st August 2018, domain validation will take the form of TXT record markings on the DNS