15/09/2020

SSL Certificates

In partnership with Janet, emPSN are able to offer SSL Certificates which are Organisation Validated (OV).  OV certificates are typically used for standard HTTPS/SSL type services supplied with a Common Name CN.  OV certificates can also have multiple Subject Alternative Names SANs, permitting use of multiple named systems.  emPSN are able to obtain OV certificates from Janet on your behalf on the basis that the domains being used are registered in the schools name, or the schools organisational name.

Extended Validation (EV) certificates, Unified Communications (UC) and Wildcard (*.Domain) are available from the Janet service but at present these are not available to schools. Although Wildcard certificates are not available, certificates with multiple Subject Alternative Names (SANs) can be supplied with OV certificates.

There is a cost of £82 for a certificate for a 1-year duration, providing a discount of around 20% to that of the commercial market.  There will be a supplementary charge for SANs depending on the number of names used:

  • £82 for certificates with 4 or less domains (maximum 1 CN + 3 SANs)
  • £125 for certificates with 5 but less than 10 domains (max 1 CN + 8 SANs)
  • £211 for certificates with 10 but less than 20 domains (max 1 CN + 18 SANs)
  • £284 for certificates with 20 but less than 30 domains (max 1 CN + 28 SANs)
  • £370 credits for certificates with 30 up to 50 domains (max 1 CN + 49 SANs)

What is an Organisation Validated Certificate

At a glance

  • Displays certificate owners’ legal name to visitors
  • Supports up 49 additional domains in SAN fields
  • Can be used in Microsoft’s unified communications environments, including Exchange
  • Certificate duration of 1-year

Further detail
These certificates provide single domain and multi-domain SSL encryption. They offer high-level protection of 128/256 bit encryption and are 2048-bit ready, securing the certificate.
These certificates are organisation validated (OV) which means that the organisation to which this certificate has been issued to has been verified as a legal organisation.

HOW IS YOUR DOMAIN VALIDATED

All domains will need to be validated using one of the following methods:

  1. The domain owner adds a random number (provided by Jisc through emPSN) to the TXT field of the domain’s DNS record.
  2. Respond to an email (sent by Jisc) to the registrant contact email address registered against the domain.

Once a domain has been validated it will remain so for 13 months, so you do not have to do this every time you submit a certificate request.  If you are looking at certificates and would like to validate in advance please email us on – Certificate@empsn.org.uk – otherwise we will validate during the issue process.

How can I use this service

To use the service we will require you to supply the following information:

  1. A purchase order reference for the certificate.
  2. A certificate request in the form of a CSR file or a copy of the CSR information – if you are unsure how to do this information and help is available here – https://support.comodo.com/index.php and search for ‘CSR Generation
  3. The details of the device or application the certificate is for including the version.
  4. The details of the route you would like to use to validate your domain either:
    • The domain owner adding a random number (provided by emPSN/Jisc) to the TXT field of the domains DNS record.
    • OR The domain registrant contact email address responds to an email (sent by JISC).
  5. The admin email address to be used for issuing the certificates, pick from the list below.  When the certificate is due to expire, the certificate service will issue a reminder to indicate expiry is near.
    • hostmaster@domain_name
    • postmaster@domain_name
    • webmaster@domain_name
    • administrator@domain_name
    • admin@domain_name

To produce the certificate emPSN also need :

  • to know the type of certificate you need, the duration will be for 1-year.
  • the school name and number as it is provided in the DNS whois record held at Nominet which should be the same as that held at EduBase.
  • the name of the person at the school who can be emailed by Janet to confirm that emPSN can request the certificate on the school’s behalf. The school will also receive a Domain Name Validation email to which they need to respond
  • and a PO from the school to emPSN

How can I get some help

The link to the Janet website for more information on certificate types is https://community.ja.net/library/janet-services-documentation/certificate-types and there are different lead times depending on which certificate you choose.

Creating Certificate Requests (CSR)  – if you are unsure how to do this information and help is available here – https://support.comodo.com/index.php and search for ‘CSR Generation

To contact emPSN about purchasing a certificate please email Certificate@empsn.org.uk

Keeping Up To Date With Us Is Easy, Sign Up To Our Newsletter Today!

Stay in touch with emPSN, so that you get the latest e-safety advice and invites to our community events.

    Our partners