SSL / TLS Certificates
How to Request Access
SSL (Secure Sockets Layer protocol), currently using TLS 1.2 or greater encryption, is used to secure transmissions between servers and clients. Example: visiting an https address from Google Chrome or Safari.
SSL / TLS certificates allow clients to verify a server's authenticity against known Certificate Authorities before establishing an encrypted connection. This helps determine whether the server is who it says it is.
However, installing an SSL / TLS certificate does not mean that your server is secure; it only allows the client to establish an encrypted connection to the server. Therefore, before contacting IT Security to request an SSL certificate, you will need to harden your server as outlined in the Best Practices Guide for Servers on the UCSF IT Security website.
Requests that are open for longer than 60 days and have pending vulnerabilities will be cancelled. A new request can be opened once the ongoing remediations are fully resolved or a security exception has been filed.
For more information, including how to request an SSL certificate for your server, refer to our overview of the IT Security SSL Certificate service and SSL/TLS Certificate Requirements (MyAccess login required).
To comply with the UCOP Encryption Key and Certificate Management Standard, only SSL/TLS certificates issued through the UCSF IT Security certificate service (or those approved by the UCSF CISO) are accepted at UCSF. Third-party CA-signed certificates, such as Let's Encrypt, GoDaddy SSL, and SSL Dragon, are prohibited and will violate this standard.