The UW/IST Certificate Authority issues host certificates that enable secure transactions with UW/Web servers. We issue two kinds:

• We have the authority to issue certificates signed by GlobalSign and these are recognized by most browsers. GlobalSign certificates are appropriate for production services that require secured communications.
• For test and development systems we may instead issue IST-CA certificates that we sign ourselves -- these are signed by the "UW/IST Certificate Authority". These are not recognized by most browsers and for that reason are not appropriate for production services. Generally we recommend using Globalsign certificates everywhere.

NOTE: IST-CA will not issue SSL certificates for computing systems outside of the UW network. If you are not affiliated with the University of Waterloo, you will require the services of a 3rd party certificate authority. Among the more popular are DigiCert, Thawte, and GlobalSign.

Self-service certificates

We use a self-service system for issuing SSL certificates from GlobalSign. By allowing you to enter the request directly with GlobalSign, we are able to have certificates issued faster. To request a GlobalSign SSL certificate, please follow the instructions at Self-service GlobalSign SSL certificates

If you are having difficulties with the self-service SSL certificate system, you should request assistance from the UW/IST Certificate Authority. Requests are typically handled within one working day.

Disclaimer

Host Certificates are signed in good faith to certify the identity of UW/Web Servers using information provided by the site webmaster. Neither IST nor their staff can assume any liability for the services provided or the management of security on those Web Servers.

Trust and the IST-CA

Trusting any Certificate Authority (CA) is a matter of choice. Having chosen it, your software will trust certificates signed by that authority. Web browsers come with a list of certificates for some well known trusted CA's (like GlobalSign, Thawte, Verisign and Entrust). Most browsers will let you manage that list -- you may add certificates for CA's you choose to trust and remove those you choose not to trust. You should add the UW/IST (2007) CA certificate if you want to use secure Web services on test and development systems with certificates signed by that authority. To do so:

1. Follow the instructions for your browser when you add the UW/IST CA (2007) to your list of trusted Certificate Authorities.
   • Different browsers may require different certificate formats -- most will accept the IST-CA (2007) Cert in DER Format, some may require the IST-CA (2007) in PEM Format. Click on the format appropriate for your browser.

2. Then, you might want to follow the verification instructions to make certain that you loaded the right certificate.

3. And finally, see the Secure Page Demonstration to sample a secured transaction using certificates.

Instructions | UW/IST CA | Verification

1998/06/30 - 2009/08/14; (ed) UW/IST Certificate Authority

Information Systems & Technology
University of Waterloo
200 University Avenue West
Waterloo, Ontario, Canada N2L 3G1
519 888 4567 x37070

Contact Us | Give Us Feedback | Privacy Statement