SSL / TLS Certificates

Questions? Get IT help See related How-Tos

Overview

UCSF provides SSL/TLS certificates for UCSF services through the InCommon Certificate Service (Sectigo). SSL/TLS certificates encrypt connections (HTTPS) and help clients verify a server’s identity before establishing an encrypted session.

 

How to access

  • SSO Requires users to sign-in to MyAccess SSO to access

Manual request (ServiceNow / RITM)
Use this for one-time/occasional requests or where automation isn’t being managed locally.

Automation guidance (ACME)
Some teams use ACME-capable tooling to automate certificate issuance and renewal for approved UCSF domains.

Before you request

Installing a certificate does not harden or secure a server by itself—teams should ensure systems are appropriately configured and maintained before requesting certificates. Requests that remain open for extended periods with unresolved vulnerabilities may be closed and require re-submission after remediation (or an approved exception).

To comply with the UCOP Encryption Key and Certificate Management Standard, UCSF services must use SSL/TLS certificates issued through the UCSF IT Security certificate service (or approved by the UCSF CISO). Third-party CA certificates (e.g., Let’s Encrypt, GoDaddy SSL, SSL Dragon, etc.) are prohibited.

Certificate lifetime and domain validation requirements

The CA/Browser Forum approved Ballot SC-081v3 in April 2025, phasing down maximum certificate validity and Domain Control Validation (DCV) reuse periods through 2029. Sectigo enforcement dates:

Effective

Max certificate validity

Max DCV reuse

March 12, 2026

199 days

~198 days

March 15, 2027

100 days

100 days

March 15, 2029

47 days

10 days

 

Support scope

IT Security can assist with certificate service questions and request workflow issues. For ACME, support typically includes account/access topics and credential delivery; client configuration and troubleshooting is generally handled by local administrators or platform teams.

Service Owner Team: IT Security
Service Support Team: IT Security
Service Category: Security

How can we help you?

Need assistance?

Do you have issue with this service? Submit an IT Service Desk ticket for more assistance with this service.

Get IT Help

We want to hear from you

Have you noticed a technical or content issue with this page? Provide feedback to assist the content owner with enhancing the content?

Send Feedback