certificates

Released 1st April 2021 Updated 16th April 2021 This advisory applies to all organisations providing a Home (IdP) service who wish to support users on Android 11 devices. A number of issues have arisen simultaneously which have resulted in a complex situation which requires a careful response from member organisations to avoid user disappointment. The recommended actions are summarised at the bottom of this page. Contents:
Buried in the historic mail archives (and likely in some older eduroam documentation) are advisories concerning the type of RADIUS certificate that eduroam(UK) participants should be using.  Basically, do not use MD5 certificates. For some time now, MD5 has been deprecated and over the past few years Operating Systems have been dropping support for such certificates. e.g. http://support.apple.com/kb/HT4999  (since iOS 5 MD5 certs are only valid for CA certs not server certs)
21 September 2018 at 10:46am
WE ENCOURAGE CUSTOMERS TO VALIDATE DOMAINS IN ADVANCE TO AVOID POSSIBLE LENGTHY DELAYS IN PROCESSING CERTIFICATE REQUESTS Q1) What is the change? From 1 August, new industry regulation states that Certificate Authorities (CAs) must no longer rely on checking a public WHOIS record to validate domain ownership. Instead, customers requesting a certificate must demonstrate a ‘positive interaction’ to show they have control over/ownership of the domain to be used in a certificate.
13 February 2018 at 2:34pm
We're pleased to announce that from today the service can provide end user certificates, which are used for digitally signing and encrypting emails. These are called S/MIME (Secure/Multipurpose Internet Mail Extensions) certificates. S/MIME are installed on email clients which then enable the end user to send digitally signed emails, giving recipients assurances that the email originated from the sender's account. By signing emails, recipients can also have confidence that the contents of the email has been been altered in transit.
24 January 2017 at 2:07pm
The service changed certificate provider to QuoVadis in 2015, and as part of that transition Jisc is obliged to ensure all organisations that use the Certificate Service comply with and agree to a QuoVadis ‘Sub-LRA Agreement’. We have therefore updated the Certificate Service Terms & Conditions to reflect this.
14 October 2014 at 12:13pm
Availability of SHA-256 certificates: 14 October 2014We’re pleased to announce an agreement has been reached between TERENA and Comodo which will enable customers to obtain SHA-256 certificates. This is available with immediate effect and all certificates obtained from the service will be by default SHA-256.
8 February 2016 at 2:05pm
To apply for membership of the Jisc Certificate Service, please download, complete and sign the application form. It must be signed by someone with the appropriate level of authority to sign on behalf of your organisation. The completed form can be scanned and emailed (to certificates@jisc.ac.uk), faxed (0300 300 2213) or posted back to Jisc, Lumen House, Library Avenue, Harwell Campus, Didcot, OX11 0SG
2020 - Please Refere to - https://community.jisc.ac.uk/groups/janet-certificate-service Archive:
Jisc Certificate Service Jisc is able to provide subscribers of the Certificate Service with a range of server and S/MIME email certificates issued by QuoVadis CA. ----- All certificates issued are SHA-256. ----- 1. QuoVadis Extended Validation (EV) SSL certificate - recommended by Jisc for high profile web services
Subscribe to certificates