Accept Only Valid Certificates!
- Owner Team: IT Security
- Service: SSL / TLS Certificates
Don't be left vulnerable to attacks!
Protect yourself and UCSF by accepting only valid certificates!
Now that we have your attention...
There are two types of certificates that protect UCSF data and user data: website certificates and wireless certificates.
Website Certificates
Valid website certificates are used as:
How do I know if it's a valid website certificate?
Wireless Certificates
Wireless certificates are used as:
How do I know if it's a valid wireless certificate?
The purposes of this page are:
- To raise awareness surrounding Secure Sockets Layer (SSL) certificates and their uses
- To explain what can make certificates invalid
- To describe possible consequences of accepting invalid certificates
What does SSL protocol do?
The Secure Sockets Layer (SSL) protocol creates a secure (encrypted) connection between a client and a server.
A valid SSL certificate is used as proof of identity for a server and also secures the connection between the server and the client.
An SSL certificate protects information being exchanged so that only the intended recipient can read and access the information.
A valid certificate will protect UCSF data, such as patient data and account information, along with personal data such as credit card numbers, Social Security numbers and other sensitive information.
What's the problem with an invalid certificate, and how can I prevent it?
SSL certificates ensure that the information being exchanged is encrypted, making it harder for attackers to steal that information.
An invalid certificate does not protect this data, so it may allow an attacker to intercept the information being exchanged.
When in doubt about the validity of a certificate, contact your local IT support representative or the IT Service Desk to verify its legitimacy.
What can invalidate an SSL certificate?
There are a number of reasons why an SSL certificate may be invalid, including the following:
- Self-signed certificate – This is a certificate that has not been verified by a certificate authority. Self-signed certificates do not validate the identity of the web server. If you would like a certificate from a certificate authority, UCSF provides InCommon SSL certificates to all of UCSF, free of charge. If you are a server administrator, you can apply for an InCommon SSL certificate: Overview of UCSF's SSL Certificate Service.
- Expired certificate – This certificate may have been issued by a certificate authority, but it has expired and is no longer valid.
- Revoked certificate – This certificate is no longer considered valid by the certificate authority. It's possible that the private key of the server was compromised, so the certificate authority has revoked the certificate.
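One way to check a server against the reasons listed above, as an added example that is not UCSF's own code: it attempts a verified TLS handshake with Python's standard `ssl` module and reports why the certificate was rejected. The `crl_file` path is a hypothetical parameter; without a CRL, Python's default context does not check revocation.

```python
import socket
import ssl
import sys

# OpenSSL X509_V_ERR_* verification codes, grouped by the reasons listed above.
REASONS = {
    10: "expired",        # X509_V_ERR_CERT_HAS_EXPIRED
    18: "self-signed",    # X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT
    19: "self-signed",    # X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN
    23: "revoked",        # X509_V_ERR_CERT_REVOKED
}


def classify(verify_code):
    """Map an OpenSSL verify code to one of the page's three reasons."""
    return REASONS.get(verify_code, "invalid (other reason)")


def build_context(crl_file=None):
    """Client context that rejects invalid certificates.

    The default context already refuses self-signed and expired certificates.
    Revocation is only checked when a CRL is supplied (crl_file is a
    hypothetical path to a PEM CRL from the issuing CA).
    """
    ctx = ssl.create_default_context()   # CERT_REQUIRED + hostname check
    if crl_file:
        ctx.load_verify_locations(cafile=crl_file)
        ctx.verify_flags |= ssl.VERIFY_CRL_CHECK_LEAF
    return ctx


def check_host(host, port=443, crl_file=None, timeout=5.0):
    """Return 'valid' or the reason the server certificate was rejected."""
    ctx = build_context(crl_file)
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host):
                return "valid"
    except ssl.SSLCertVerificationError as err:
        return classify(err.verify_code)


if __name__ == "__main__" and len(sys.argv) > 1:
    print(sys.argv[1], "->", check_host(sys.argv[1]))
```

The handshake is never completed with verification switched off, so a rejected certificate results in no data being exchanged with the server.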