Server Certificates

Standard, multi-domain (SAN), and wildcard Secure Sockets Layer (SSL) certificates provided for University departments and affiliates.

CUIT offers standard, multi-domain (SAN), and wildcard Secure Sockets Layer (SSL) certificates for University departments and affiliates at no additional cost. CUIT purchased a bulk license for the InCommon Certificate Service for unlimited standard, SAN, and wildcard SSL certificates. Through an arrangement with the Internet2 InCommon consortium, these certificates are provided by Comodo, a leading commercial provider of certificates.

Certificates are also required when upgrading sites from HTTP (hyper text transfer protocol) to HTTPS, the secure version of HTTP. A website must have a trusted SSL digital certificate to be labeled as HTTPS in the browser address bar. This security measure ensures communications between the user’s browser and the website are encrypted.

Upgrading is not required, however, one of the most popular web browsers, Google Chrome, has changed their treatment of HTTP websites, labeling them as “not secure,” a measure that may impact the customer experience. In July 2018, the Google Chrome 68 version release began marking all HTTP sites as “not secure” in the search bar, and in October 2018, the “not secure” label began appearing in red and blinking if a user enters data into any fields on HTTP sites.

To request a certificate, please fill in this form via CUIT’s InCommon SSL Certificate portal. Please note the following:

  • Requests submitted via other certificate authorities will not be authorized.
  • Approvals may take up to 5 business days.
  • Initial requests for domains will take longer due to additional information that will need to be submitted and necessary changes to be made to the DNS records by the WHOIS admin contact.
  • If you are requesting a wildcard certificate, it will require additional validation by the certificate authority and you may be contacted for additional information.


All Columbia University departments and affiliates can use this service. CUIT will sign certificates for domains in and other domains controlled by Columbia University departments and affiliates subject to the University's Internet Domain Name Policy.

No. CUIT will only approve certificate requests submitted via CUIT's InCommon SSL Certificate portal. We will not authorize requests submitted via other certificate authorities.

Certificates are valid for one year from the date that they are issued. You will receive email directly from InCommon notifying you 30 days before your current certificate expires.

Certificate keys must be at least 2048-bit. Please note that 1024-bit keys are no longer accepted. For more information, see InCommon's key length documentation.

CSRs and their keys should not be reused. Users must generate and submit new CSRs whenever certificates are renewed.