Latest News
Download as PDF2020 - Please Refere to - https://community.jisc.ac.uk/groups/janet-certificate-service
Archive:
24 January 2017 - S/MIME certificates for digitally signed emails
We're pleased to announce that from today the service can provide end user certificates, which are used for digitally signing and encrypting emails. These are called S/MIME (Secure/Multipurpose Internet Mail Extensions) certificates.
S/MIME are installed on email clients which then enable the end user to send digitally signed emails, giving recipients assurances that the email originated from the sender's account. By signing emails, recipients can also have confidence that the contents of the email has been been altered in transit.
Signed emails display to recipients the email address account on the S/MIME certificate, and users can click on the red rosette icon to see more information about the sender.
Users with S/MIME certificates installed can exchange encrypted emails between each other, where sensitive or personal information is being exchanged.
S/MIMEs also have the adding benefit of being able to digitally sign documents such as Microsoft Office and Open Office documents, according to BEIS guidelines on Qualified Electronic Signatures.
If you are a registered user for your organsiation's Certificate Service account you can now log into the portal to see more information.
26 November 2015 - Change to service Terms and Conditions
The service changed certificate provider to QuoVadis earlier this year, and as part of that transition Jisc is obliged to ensure all organisations that use the Certificate Service comply with and agree to a QuoVadis ‘Sub-LRA Agreement’. We have therefore updated the Certificate Service Terms & Conditions to reflect this. A copy of the Sub-LRA Agreement can additionally be found here: https://community.jisc.ac.uk/library/network-and-technology-service-documentation/sub-lra-agreement.
For the purposes of the Sub-LRA Agreement, existing Management Contacts will be deemed to be ‘Sub-LRA Officers’. Sub-LRA Officers perform essentially the same role as Management Contacts as they approve Certificate Requests on behalf of the organisation and are responsible for managing the list of Application Users requesting Certificates.
As a result, all organisations signed up to the Certificate Service will be asked to complete this form listing all current Management Contacts & Sub-LRA Officers. Jisc will over the next few weeks be emailing all customers individually to ask for the form to be completed and returned.
12 May 2015 - Launch of New Certificate Authority
The commercial CA, QuoVadis, is now the sole provider of SSL certificates through the Certificate Service. Business/Organisation Validated certificates, including wildcard, and high assurance Extended Validation certificates are available from the service.
New Certificate Service supplier announcement
I'm pleased to announce that from the 12 May 2015 the Janet Certificate Service will be providing SSL certificates signed by QuoVadis CA.
In the new service, QuoVadis will be providing higher assurance SSL server certificates only, which includes Organisation/Business Validated (OV) and Extended Validation (EV) certificates. We have been busy working with QuoVadis to develop an issuance process (in line with the industry guidelines as specified by the CA/Browser Forum) for the highest assurance EV certificates to enable customers to obtain these in a much better way, resulting in a quick turn around without compromising security and validation. Telephone call-back will not be required in the new service.
At the same time the service will be rebranded to just the Certificate Service, as Janet continues its integration with the Jisc group. Customers willl automatically transition to the new service without the need to sign up again, with all other things unaffected.
The service will after nearly 6 years switch from the incumbent supplier Comodo to QuoVadis. We'd like to thank Comodo for supporting the service and providing certificates to the UK research and education community.
A press release has been posted on the Jisc website here
As we get closer to the official launch date further information will be posted on here and on customers' Certificate Service accounts.
June 2013 - Launch of the new JCS web app
With the launch of the new JCS web app, the Janet Certificate Service has moved to the App Centre on this website. Registered users of the service will be able to purchase bundles of certificate credits, request and obtain SSL server certificates, and view and manage authorised users all through the new app.
New features include the ability to request EV and wildcard certificates directly through the app,enabling you to manage the entire certificate portfolio for your organisation in one place. Certificate lists can also now be downloaded to a convient CSV file.
There is a new process for managing users found here
There is a new process for joining the Janet Certificate service here
April 2013 - Charging system simplified ahead of introduction - 24/04/2013
Further to feedback from the community about how purchasing bundles of different types of certificates at variable costs will complicate your budgeting processes, Janet will instead introduce a fee of £35 per certificate, offering additional reduced certificate costs when purchasing bundles.
To reduce the need to accurately predict the size of certificate bundle required, Janet has extended the validity period of bundles from 12 to 24 months from the date of purchase.
As a result of these changes the announced charging date of 1 May 2013 has now been adjusted to 3 June 2013. This means you have an additional five weeks to obtain new certificates without charge.
Further information available here
January 2013 - Comodo introduces 'callback' process - 15/01/2013
From 1 February 2013 Comodo will introduce an additional validation step for all Organisation Validated (OV) certificates.
The new validation step is referred to as 'callback', and involves Comodo obtaining the number of the organisation requesting the certificate, calling the switchboard and asks to be put through to the person requesting the certificate.
The 'callback' process is likely to cause significant delay is the issue of OV certificates of up to 5 working days.
To ensure the Certificate Service continues to meet the requirements of customers, three types of certificates will be made available.
Further information on callback click here.
- November 2012 - THE JANET CERTIFICATE SERVICE IS CHANGING - 05/11/2012
Since its launch in 2009, the Janet Certificate Service has issued over 21,000 certificates to 600 organisations, saving the UK research and education sectors approximately £1.7m.
- May 2012 - IMPROVED SECURITY FEATURE FOR JANET'S CERTIFICATE CUSTOMERS IS ANNOUNCED - 16/05/2012
Following a number of high profile security breaches at several Certificate Authorities (CA) in recent years, popular web browsers from Mozilla, Microsoft and Google have called for improved security measures to be implemented prior to SSL certificates being issued.
In May 2011, Janet announced that the industry is introducing an additional security feature called Domain Control Validation (DCV) which will reduce the risk of Certificate Authorities issuing certificates to unverified users.
On 30 May 2012, the Janet DCV process will be integrated into the Certificate Service. DCV is an email challenge-response mechanism that verifies that the SSL certificate requester owns/controls the domain to be included in the certificate.
WHAT DOES THIS MEAN FOR YOU?
Either the certificate requester will be asked to select one address listed in the Registrant Contact (reg-c) field of the domain's WHOIS record, or from the list of five generic email addresses below:
admin@
adminstrator@
hostmaster@
postmaster@
webmaster@
You will receive an email with a unique code that you will need to enter into a webpage, before Comodo issues your certificate.
This process increases security around the issuance of SSL certificates and as this process is automated customers will find that certificates will be issued much quicker than currently.
NEXT STEPS
Time to get ready - if you are due to apply for new certificates after 30 May 2012, you may need to clarify which generic email address can be used to receive the codes within your organisation.
Please note that this change will only apply to applications for new certificates. Existing certificates will not be affected by this change.
For further information, including the list of generic email addresses, please visit:
Domain Control Validation process
or email the Janet Service Desk with any questions, at tag@ja.net
- September 2011 - The Janet Certificate Service extends its reach to schools
Local authorities and Regional Broadband Consortia can now obtain SSL server certificates for schools within their authority.
After a successful pilot earlier this year, the Certificate Service has now been modified enabling local authorities and RBCs, across England, Wales and Scotland to obtain certificates through the service portal for .sch.uk domains.
In order to request certificates for school domains, the authority must subscribe to the Certificate Service. Once a member, you can request that schools within your catchment area are added to your account enabling the new school facility to be activated.
These server certificates are free to all organisations registered with the Certificate Service; the service has issued over 12,000 certificates to the research and education community in under 2 years, enabled savings of more than £1.5m to UK education and research
To find out more, please visit: Obtaining SSL for schools
- May 2011 - Domain Control Validation proposal - 05/05/11 -
In response to the Comodo incident in March (as reported below), popular web browsers, such as those provided by Mozilla and Microsoft, are now requesting that Comdo introduce additional security procedures before certificates can be issued and service resumed to normal.
The extra security step is called Domain Control Validation (DCV) and requires the certificate requester to select an email address (from a list of generic email accounts based on the Fully Qualified Domain Name) to which a validation code is sent. The code must then be entered into an area on the CA’s website, before the certificate can be downloaded.
This type of additional security step is already implemented by some Certificate Authorities and could be ratified making it an industry-wide requirement. JANET(UK) is currently liaising with Comodo and we will keep all subscribers of the Janet Certificate Service updated with progress in this area.
For further information on the security proposal see Domain Control Validation process
- March 2011 - last updated 31/03/11
There has been some coverage in the news over the blacklisting of certain SSL certificates issued by Comodo. An account belonging to a single reseller was compromised, and a limited number of certificates were falsely issued for high profile sites. More details are available from Comodo, Microsoft and Mozilla.
As a result of this incident, Comodo is implementing changes to their systems which are likely to cause up to 24 hours delay when processing certificate requests. Further information will be posted here when that changes.
All existing certificates issued through the Janet Certificate Service have not been affected in any way.
For further information please contact the Janet Service Desk, tag@ja.net
