Security Certificates

Security Certificates (also known as SSL, TLS or X.509 certificates) are used on leased equipment in the Platform Hosting environments within the data center and by external CDT customers. These certificates are a non-proprietary protocol for securing data communications across computer networks and provide data encryption while in transit for TCP/IP connections.

As an alternative, CDT also offers delegated administrator access to customers who prefer to generate and manage their own certificates. Customers utilizing this option are provided access to CDT’s certificate console and are granted permission to issue certificates under approved third-level domains or specific URLs within root domains.

CDT provides version(s) of certificates in accordance with current certificate industry standards. Certificates are offered on both dedicated and virtual server platform configurations. CDT is authorized to offer certificates only for the following domains:

  • .ca.gov
  • .california.gov
  • .cahwnet.gov
  • .state.ca.us

CDT will:

  • Manage contract and licensing for certificate management software.
  • Serve as liaison between the customer and certificate vendor for technical issues.
  • Notify customers of upcoming renewals in accordance with the contact information provided on the Security Certificate Submittal.
    • Technology products must be within vendor supported versions to sustain availability and integrity.

Customers are expected to:

  • Notify Certificate_Services@state.ca.gov of changes to certificate contact(s).
  • Install and verify certificates purchased through CDT’s delegated administrator access or other sources.
  • Provide certificate requirements to CDT.

CDT’s goal is to provide timely, comprehensive and economical technology services. Requests for new certificates will typically be available 3 to 5 business days after the Case/Request has been approved by all parties. Certificate renewals are processed a week prior to the current certificate expiration date. If a renewal is needed earlier, please note the requested delivery date on the Case/Request. Certificates expire on the final day of issuance at 1700 hours. Delays in the Case/Request process, or server availability to obtain the certificate, may impact the timeliness of the certificate delivery. A 25-calendar day window is provided immediately following delivery of a certificate for testing, revocation or changes.

Frequently Asked Questions

  1. Is there a document that outlines the process, technical questions, and roles and responsibilities?
    • Yes. To request a copy of the Guidelines or the Submittal Process document, please contact us by telephone at (916) 464-4311 or email at ServiceDesk@state.ca.gov. In addition, if you would like the document in an alternative format or request any other reasonable accommodation, we will work with you to make that information available.
  2. Who applies the certificates?
    • Certificate application is included in the offering with an associated cost where CDT manages customer web servers, certificate procurement, installation, and administration.
      Self-managed is a no-cost option which offers customers delegated administrator access. Customers utilizing this option are provided access to CDT’s certificate console and are granted permission to issue certificates under approved, third level domains or specific URLs within root domains.
  3. Does my ID or password expire?
    • The ID does not expire. The password expires every 90 days.
  4. Does CDT provide training for the delegated administrator portal?
    • Once enrollment is complete, each customer is emailed a PowerPoint presentation along with their login information. If additional training is required, a personal training session is scheduled.
  5. How is training conducted (classroom, conference call or WebEx)?
    • Training is delivered remotely via conference call.
  6. How long is the training session?
    • Approximately 30 minutes.

Subscriptions to this service are available. The costs are included in the Statewide Innovation and State Web Portal fee.

To request to Add, Change, and Delete Security Certificates and CSR files, or ask a general question, submit a Case/Request:  Order Now

A completed Security Certificate Submittal is required for new certificates and renewals prior to the start of work. Please submit one form per URL, except in the case of SAN certificates. All information must be included in, or attached to the Case/Request. Multiple submittal forms may be attached to a single Case/Request. Customers requesting to use the delegated administration option should submit the Delegated Administrator Security Certificate Submittal to initiate service setup. Cases/Requests for individual certificates is not needed.