IT Services provides free SSL certificates for any host in the uchicago.edu domain (e.g. its.uchicago.edu) or its subdomains (e.g. its.example.uchicago.edu) via the InCommon Certificate Service. The service currently provides various types of certificates including wildcard SSL certificates.
Note: Due to the increased risk associated with these certificates, they have more rigorous request validation and hosting requirements. Most servers can and should instead use single or multi-domain server certificates.
Eligibility for Wildcard Certificate
- Requests must have a rationale for why a wildcard certificate is more suitable than a multi-domain SSL certificate.
- All aspects of the certificate management (e.g. hosting) must be performed by a professional IT group that agrees to the hosting, communication, and revocation policies specified by Information Security.
- Wildcard certificates are typically only issued for subdomains of uchicago.edu (e.g., *.example.uchicago.edu), rather than the top-level domain.
- Renewal requests must be created with a new keypair.
How to Request a Wildcard SSL Certificate
Submit Your Request
Generate your Certificate Signing Request (CSR). For specifics on generating a request please refer to your software documentation.
Email your request to certs@uchicago.edu with the following information:
- Certificate Signing Request (CSR) as an attached file or in the message body (DO NOT include the private key)
- Information about the requested certificate. Please provide:
  - What is the business and/or operational need for this wildcard certificate?
  - Why does a multi-domain certificate not meet your needs?
  - The wildcard certificate, its private key, and the environment using it must be managed by professional IT staff that can commit to following secure practices as described in the Information Systems Standard (log in required). Please identify the IT Support Unit that will be managing the certificate. If that IT unit is different from the requestor, please cc the support unit on your request.
  - The email address to use when providing the wildcard certificate and related certificate management communication. Information Security requires the use of a shared departmental/organization address (e.g., support@example.uchicago.edu) rather than an individual's account. The requestor must provide campus-specific contact information, although additional technical support contacts can be a third party (e.g. a vendor).
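One way to carry out the request steps above with the OpenSSL command line, as an added example that is not IT Services' own tooling: it generates a fresh key pair and wildcard CSR, then checks the file before it is emailed (no private key material, a valid CSR, a wildcard subject, and for renewals a public key different from the current certificate). The file names, the RSA 3072-bit key size, and the example.uchicago.edu name are assumptions.

```shell
#!/bin/sh
# Added example; file names, key size and example.uchicago.edu are assumptions.
# Usage after sourcing this file:
#   new_wildcard_csr /secure/dir example.uchicago.edu
#   check_submission /secure/dir/wildcard.csr [current-cert.pem]

# new_wildcard_csr DIR NAME: fresh key pair plus CSR for *.NAME, written to DIR.
new_wildcard_csr() {
    ( umask 077   # the unencrypted private key is readable by its owner only
      openssl req -new -newkey rsa:3072 -nodes -subj "/CN=*.$2" \
          -keyout "$1/wildcard.key" -out "$1/wildcard.csr" 2>/dev/null )
}

# pubkey_fp FILE KIND: SHA-256 of the DER public key in a CSR (KIND=req)
# or in a certificate (KIND=x509).
pubkey_fp() {
    openssl "$2" -in "$1" -noout -pubkey |
        openssl pkey -pubin -outform DER |
        openssl dgst -sha256 -r | cut -d' ' -f1
}

# check_submission FILE [OLD_CERT]: returns 0 if FILE is fit to e-mail.
check_submission() {
    csr=$1; old=${2:-}
    # The attachment must never carry the private key.
    if grep -q 'PRIVATE KEY' "$csr"; then
        echo "REJECT: $csr contains private key material" >&2; return 1
    fi
    # Match on the message text: older OpenSSL exits 0 even on failure.
    if ! openssl req -in "$csr" -noout -verify 2>&1 | grep -q 'verify OK'; then
        echo "REJECT: $csr is not a valid, self-consistent CSR" >&2; return 1
    fi
    case $(openssl req -in "$csr" -noout -subject) in
        *'*.'*) ;;
        *) echo "REJECT: subject has no wildcard name" >&2; return 1 ;;
    esac
    # Renewals must use a new key pair: compare against the current certificate.
    if [ -n "$old" ] && [ "$(pubkey_fp "$csr" req)" = "$(pubkey_fp "$old" x509)" ]; then
        echo "REJECT: CSR reuses the key pair of the certificate being renewed" >&2
        return 1
    fi
    echo "OK: $csr"
}
```

Attach only wildcard.csr to the request; wildcard.key stays on the host managed by the IT support unit.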
Validation
Information Security will review the request and contact the requestor with any questions. Providing complete information in the initial request will facilitate a quicker resolution to your request.
Typically you will receive a signed certificate via email within two business days from the time your request validation has been completed.
More Information
Questions on wildcard SSL certificates, including questions on eligibility and requirements, are welcome. Direct all communication including requests to certs@uchicago.edu.