Secure Sockets Layer (SSL), is a cryptographic protocols that provide communication security over the Internet.
Benefits & Features
It uses asymmetric cryptography for authentication of key exchange, symmetric encryption for confidentiality and message authentication codes for message integrity. Several versions of the protocols are in widespread use in applications such as web browsing, electronic mail, Internet faxing, instant messaging and voice-over-IP (VoIP).
Our SSL/TLS certificates are issued through the InCommon Certificate Service, which uses Sectigo as the Certificate Authority.
Cost Savings: Unlimited certificates for a fixed annual fee takes the guess work out of budgeting.
Comprehensive: Includes all of your domains: .edu and non-edu alike, such as athletics and professional societies.
Ease of Use: Through Sectigo's certificate manager interface, certificates are easy to order and install.
Private Label Certificate Authorities: Intermediate CAs with campus-specific profiles and practice statements are available to members who desire this functionality for an additional cost.
Getting Started
As part of an industry-wide move toward shorter SSL/TLS certificate lifespans, we are transitioning to automated certificate issuance using the Automatic Certificate Management Environment (ACME). Shorter certificate lifetimes help to reduce the impact of compromised keys and improve overall web security.
Certificate validity periods will be reduced from the current 398 days as follows:
• March 12, 2026: 199 days
• March 15, 2027: 100 days
• March 15, 2029: 47 days
Because of these shorter lifespans, manual certificate management will become increasingly difficult to maintain reliably due to more frequent renewals and more frequent DCV checks.
We will continue using Sectigo as our Certificate Authority. Teams that require SSL/TLS certificates will be granted access to Sectigo Cert Manager, where certificates can be issued and managed either manually through the portal or through ACME-based automation. ACME automation is strongly recommended.
Important changes:
• Beginning March 16, 2026, our department will no longer process manual requests for new or renewed certificates.
• Certificates must be issued directly by the service owner or their department administrator through Sectigo Cert Manager or ACME.
• Existing certificates will remain valid until their current expiration date.
To receive access to Sectigo Cert Manager, please complete the following trainings:
- TLS (SSL) Certificate Management for Admins: https://nebraska.bridgeapp.com/learner/courses/de230601/enroll
- TLS (SSL) Certificates Management with ACME: https://nebraska.bridgeapp.com/learner/courses/6850a85f/enroll
After completing the training, you may request access and begin issuing certificates through Sectigo Cert Manager or by using ACME automation.
If your systems cannot support ACME automation, you may continue issuing certificates manually through Cert Manager.
Frequently Asked Questions
- How do I generate a Certificate Signing Request (CSR)?
- What certificate profiles should we use?
- In general, we use "InCommon SSL Multi Domain General Profile". When devices lack capabilities or servers have specific requirements, we may need to use alternative certificate profiles.
- I have a question about certificates!
- Put a ticket and assign it to RESP Security - Engineering - NU.
Eligibility
Pricing
There is no charge for this service, which is considered a common-good service.
Requirements
Options
Additional Information
Verification Tool
The following tool can help you manage your web sites SSL certificates.
Qualys SSL Labs
Qualys SSL Labs is a handy tool that quickly updates their web site scanner with the newest vulnerabilities. Qualys is reportedly the first site to have their scanner updated to identify the HeartBleed vulnerability. Just make sure you check the box that says “Do not show the results on the boards” If your site rates an F you don’t want that info made public.
Location
Availability/Hours
Support
For the most efficient support experience, please submit a ticket using the request form on this page. Alternatively, contact your campus Help Center location via email, by phone, or in person.