Jisc SSL certificate service

Here at Jisc, we have been helping customers protect their websites through our certificate service. The service allows customers to obtain secure socket layer (SSL) certificates which are a vital part of internet security.

The service was originally launched in 2006, with the roll-out of an enhanced service in May 2015 that allowed us to deliver a more agile, responsive offering. As we approach the first anniversary for this service, now is a good time to give you a recap on what efficiencies we achieved for the sector. The figures are good – using this service saved UK research and education over £1m  in 2014-2015.

At the beginning of the development process we recognised that we had a real opportunity to deliver service improvements and financial savings. By aggregating demand for SSL certificates on behalf of UK research and education we were able to do just that and respond to the changing requirements for digital certificates.

You had told us that you wanted a much more streamlined process. The existing call back process, whilst necessary at the time, added significant delays to the time it took to receive a new certificate. It was becoming a barrier for you and impacting on your ability to respond to business needs. At the same time, with online security and protecting data becoming more and more important, we were aware that verification was absolutely necessary. The fact that the steps were needed didn’t mean that we shouldn’t investigate ways to reduce the burden on customers.

Under the new service with QuoVadis, we are able to do a large amount of customer validation up front. How? Being part of the community for over 30 years means we are able to capitalise on our unique position and to do the pre-validation work.

Carrying out the verification allowed us to bring in additional validation steps and to increase security around the entire certificate issuance process with little impact on customers. Offering a streamlined, more secure service for customers was our primary aim. The end result is that customers can now receive a new high assurance certificate in a matter of minutes instead of hours or days as was previously the case.

The use of high assurance digital certificates on your websites can help protect staff, students and visitors from phishing attacks. It is important not only for your users and visitors but for your organisation as well. Phishing attacks cost UK consumers £174.4m in 2015 with the National Fraud Intelligence Bureau indicating that they receive over 8,000 reports of phishing scams every month. The cost to business is unknown and our aim is to help you protect yourself from these attacks.

Knowing about the danger and being able to respond are two different issues. Budget constraints often cloud the purchasing decision. Why should you have to compromise on user security because of budget constraints? With the new service, you don’t have to. You can purchase the highest assurance (EV) certificates for the same price as medium assurance (OV) certificates. Commercial providers charge significantly more for 2 year EV certificates. Through Jisc you can purchase EV certificates for 1 and even 2 years for the same price as an OV certificate.

Since the new service launched in 2015, we have seen a 200% increase in the number of customers moving to EV certificates. In order to protect users, we would encourage all of our customers to use EV certificates as standard. So when you receive a notification that you have a certificate that is due to expire, your standard response should be to select EV instead of OV and then click renew.

Think of EV as the new ‘standard’ not an unaffordable extra.

Simon Cooper is the trust and identity services group manager at Jisc.