SSL Certificate FAQs

SSL Certificate Frequently Asked Questions.

SSL Certificate Frequently Asked Questions

Requesting a Certificate
Installing a Certificate
Renewing a Certificate
  1. How soon can I renew an existing server certificate?
  2. When are renewal notices sent?
  3. How do I renew certificate?


  1. Who can order an SSL certificate? 
    In general, any UW Madison faculty and staff can request a certificate.  The certificate requester must also agree to the following:
    • "I am responsible for running a service which uses this fully qualified domain name(s) and part of my responsibility as a employee of the UW Madison is to secure this domain. The sole purpose of my use of this certificate is for securing this domain(s) and not for malicious or other fraudulent purposes. If I suspect that the private key associated with this certificate is lost or compromised I will contact and seek immediate revocation."

  2. How much does a certificate cost? 
    DoIT's has absorbed the annual cost to issue SSL certificates. At this time, there is no cost to campus units.

    -- Additionally, free automatically renewable certificates are available via Let's Encrypt:

  3. How do I get support if I have a question or have trouble getting, ordering or installing a certificate? 
    This article details support options.

Requesting a Certificate

  1. What types of certificates can I order? 
    We've described the types of SSL certificates that we can issue here. Code signing and personal (user) certificates are also available.

  2. Can I use one certificate for multiple host names? 
    Yes, you can request a multi-domain certificate and include up to 100 subject alternative names (SAN) in the certificate. However, to make sure your request goes smoothly, we request that you contact for requests containing 20+ SANs. This will make your request proceeds smoothly without delay.  A typical use of a SAN is to secure a web site called and include an alternate name of
  3. Can I have a wildcard certificate,, issued for a group of hosts? 
    Since there is no longer a cost to departments, the cost incentive to use wildcard certificates should be decreased.  Use of wildcard certificates does increase risk.  A department requesting a wildcard certificate must agree to the terms of service.

  4. Can I have an extended validation (EV) server certificate? 
    EV certificates have been trending away from usage and most all popular browsers have dropped support.

    That said, EV certificates are available still in the InCommon/Comodo program but must be verified and ordered individually through Comodo.  It may take between 1-2 weeks to complete the EV certificate issuance process.  If you have a use case for a EV Certificate please contact with your CSR (Certificate Signing Request) to start the process.

  5. My web server type isn't listed in drop down for web server type ... what should I select? or I selected the wrong web server type does this matter?
    This item is purely for statistical reporting and will not impact certificate generation. You can select anything from the drop down and processing will be the same.

Installing a Certificate

  1. Can I change certificate details, e.g. common name, of an existing certificate? 
    In order to change certificate content, you will need to submit a new CSR. Submit your new CSR via the UW Server Certificate Service.

  2. What happens if I lose my private key, e.g. forget a password, corresponding to my certificate? 
    You will need to submit a new CSR. Submit your new CSR via the UW Server Certificate Service.

  3. What happens if I did not receive the certificate via email or accidentally deleted it? 
    You can contact to have the certificate information re-sent.

  4. Why do I get a "Certificate not trusted" error message after installing the certificate? 
    This is a common problem and is likely because you do not have the intermediate certificates installed on the server. See this article for why and how you need to install the intermediate certificates.

  5. How do I test that my certificates, including the intermediate certificate, is installed correctly? 
    This article describes how to test that the certificate trust chain is installed correctly.

  6. What is the Certificate trust chain for the InCommon certificates? 
    We've posted the root and intermediate certificates here and also included other commonly needed information about our organizationally and extended validation certificates.

Renewing a Certificate

  1. How soon can I renew an existing server certificate? 
    You can renew a certificate up to 90 days in advance of the certificate expiring. Please note that you will not lose any validity time when you renew.

  2. When are renewal notices sent? 
    Renewal notices are sent at 40, 30, 20, 10, 5, and 2 days out from expiration.

  3. How do I renew a certificate? 
    To renew a certificate, you can either submit a new CSR or use the old one if no changes are required. Please submit your CSR using the UW Server Certificate Service.

Keywords:server certificates ssl incommon comodo   Doc ID:18911
Owner:Jake S.Group:SSL Server Certificates
Created:2011-06-19 18:00 CSTUpdated:2021-09-07 14:49 CST
Sites:DoIT Help Desk, DoIT Web Hosting, Identity and Access Management, SSL Server Certificates
Feedback:  3   4