Server Certificates

Standard, storage area network (SAN), and wildcard Secure Sockets Layer (SSL) certificates provided for University departments and affiliates.

CUIT offers standard, storage area network (SAN), wildcard Secure Sockets Layer (SSL), Unified Communication, and multi-domain certificates for University departments and affiliates at no cost to you. CUIT purchased a bulk license for the InCommon Certificate Service for unlimited standard, SAN, and wildcard SSL certificates. Through an arrangement with the Internet2 InCommon consortium, these certificates are provided by Comodo, a leading commercial provider of certificates.

To request a certificate, please fill in this form via CUIT’s InCommon SSL Certificate portal. Please note the following:

  • Requests submitted via other certificate authorities will not be authorized.
  • Approvals may take up to 5 business days.
  • Initial requests for domains will take longer due to additional information that will need to be submitted and necessary changes to be made to the DNS records by the WHOIS admin contact.
  • If you are requesting a wildcard certificate, it will require additional validation by the certificate authority and you may be contacted for additional information.


All Columbia University departments and affiliates can use this service. CUIT will sign certificates for domains in and other domains controlled by Columbia University departments and affiliates subject to the University's Internet Domain Name Policy.

No. CUIT will only approve certificate requests submitted via CUIT's InCommon SSL Certificate portal. We will not authorize requests submitted via other certificate authorities.

Certificates are valid for 2 years from the date that they are issued. You will receive email directly from InCommon notifying you 30 days before your current certificate expires.

Certificate keys must be at least 2048-bit. Please note that 1024-bit keys are no longer accepted. For more information, see InCommon's key length documentation.

CSRs and their keys should not be reused. Users must generate and submit new CSRs whenever certificates are renewed.