it.ucsf.edu

Invalid Certificate Overview

Don't be left vulnerable to attacks!

Protect yourself and UCSF by accepting only valid certificates!

 

There are two types of certificates that protect UCSF data, and user data:

Website Certificates

Are you using a web browser? Make sure the site you are visiting is using a valid website certificate!

Valid website certificates are used as a proof of identity for the web server, as well as securing the connection between your web browser and a website.

How do I know if it's a valid website certificate?

Click here to find out!

Wireless Certificates

Are you connecting to networks wirelessly? Make sure it's using a valid wireless certificate!

Wireless certificates are used as a proof of identity for the wireless access point, as well as securing the connection between the access point and you.

How do I know if it's a valid wireless certificate?

Click here to find out!

The purpose of this page is to raise awareness surrounding Secure Socket Layer (SSL) certificates and explain possible consequences of accepting invalid certificates.

Secure Sockets Layer (SSL) is a protocol which creates a secure (encrypted) connection between a client and a server. A valid certificate is used as proof of the identity for a server, as well as secures the connection between the server and the client.

A SSL certificate is used to protect information being exchanged so that only the intended recipient can read and access the information. A valid certificate will protect UCSF data such as patient data and account information, along with personal data such as credit card numbers, social security numbers, and other sensitive data. SSL certificates ensure that the information being exchanged is encrypted, making it harder for attackers to steal that information. An invalid certificate does not protect this data and may allow an attacker to intercept the information being exchanged.

There are a number of reasons why a certificate may be invalid, some of the reasons may be:

  • Self-signed certificate - this is a certificate not verified by a certificate authority. Self-signed certificates do not validate the identity of the web server. If you would like a certificate by a certificate authority, UCSF provides InCommon SSL certficates for all UCSF, free of charge. If you are a server administrator please apply for an InCommon SSL: Overview of UCSF's SSL Certificate Service
  • Expired certificate - this certificate may have been issued by a certificate authority, but has expired and is no longer valid
  • Revoked certificate - this certfiicate is no longer valid from the certificate authority, it's possible that the private key of the server was compromised and has been revoked by the certificate authority

When in doubt about the validity of a certificate, contact your local IT support representative or the Service Desk to verify the legitimacy of the certificate.

Contact UCSF Service Desk

Additional Resources: