Certificates
This page describes the current solution for ordering server certificates for servers at KI.
Server certificates
You need a server certificate to ensure that your computer is communicating with the correct server and that the traffic cannot be intercepted or altered. Server certificates come in various shapes and are usually installed in web servers, mail servers, etc.
Ordering through Sectigo will end
The national agreement through SUNET will expire at the beginning of 2025. ITA recommends that you who have an issued certificate from Sectigo renew, download, and save it before the end of the year to buy time to introduce a new solution for the certificates in 2025.
The future of server certificates
The IT Office will work towards automating certificates using ACME at a free provider such as Let's Encrypt, ZeroSSL, Google or equivalent.
The assessment is that it is not sustainable to manage certificates manually as we have done in the past as the validity period continues to be shortened - the entire industry intends to reduce this to 45 days in 2027, which will mean far too much work to keep updating the certificates manually.
To apply for a certificate
Step 1: Delegation application
In order to be able to apply for a server certificate, you need to have delegation approval from the Head of Department of your department. Fill in the application form Delegeringsansökan (delegation application) with the names of the person or persons who can order a server certificate. Fill the form and send it to certifikat@ki.se. If you already have a delegation from your Head of Department, you don't need to fill in the form.
The delegation application form (Delegeringsansökan) supports digital/electronic signatures and there is room for multiple signatures. In order for the application to be approved, all signatures need to be digital/electronic. If you do not have a personal certificate, you need to print out the form and sign it manually. Scan the form with the signatures and send it to certifikat@ki.se.
Step 2: Create an account and apply for a server certificate at Sectigo
Apply for server certificate and create account at Sectigo
Important notice
The private key must be protected against unauthorized access. A backup of the private key should be made. All backups of the private key must be protected against unauthorized access.
Terminated certificates
If the certificate is no longer in use or if you suspect that the private key for a certificate has got into the wrong hands, the certificate has to be terminated.
Contact Helpdesk or certifikat@ki.se as soon as possible.
Personal certificates
Currently, it is not possible to issue new or extend existing personal certificates.
If you have any questions about certificates, please contact Helpdesk.