Security Certificates

Security Certificates (also known as SSL, TLS or X.509 certificates) are used on leased equipment in the Platform Hosting environments within the data center and by external CDT customers. These certificates are a non-proprietary protocol for securing data communications across computer networks and provide data encryption while in transit for TCP/IP connections.

As an alternative, CDT also offers delegated administrator access to customers who prefer to generate and manage their own certificates. Customers utilizing this option are provided access to CDT’s certificate console and are granted permission to issue certificates under approved third-level domains or specific URLs within root domains.

CDT provides version(s) of certificates in accordance with current certificate industry standards. Certificates are offered on both dedicated and virtual server platform configurations. CDT is authorized to offer certificates only for the following domains:

  • .ca.gov
  • .california.gov
  • .cahwnet.gov
  • .state.ca.us

CDT will:

  • Manage contract and licensing for certificate management software.
  • Serve as liaison between the customer and certificate vendor for technical issues.
  • Notify customers of upcoming renewals in accordance with the contact information provided on the Security Certificate Submittal (PDF).
    • Technology products must be within vendor supported versions to sustain availability and integrity.

Customers are expected to:

  • Notify Certificate_Services@state.ca.gov of changes to certificate contact(s).
  • Install and verify certificates purchased through CDT’s delegated administrator access or other sources.
  • Provide certificate requirements to CDT.

CDT’s goal is to provide timely, comprehensive and economical technology services. Requests for new certificates will typically be available 3 to 5 business days after the service request has been approved by all parties. Certificate renewals are processed a week prior to the current certificate expiration date. If a renewal is needed earlier, please note the requested delivery date on the service request. Certificates expire on the final day of issuance at 1700 hours.

Delays in the service request process, or server availability to obtain the certificate, may impact the timeliness of the certificate delivery.

A 25 calendar day window is provided immediately following delivery of a certificate for testing, revocation or changes.

Subscriptions to this service are available. The costs are included in the Statewide Innovation and State Web Portal fee.

To request to Add, Change, and Delete Security Certificates and CSR files, or ask a general question, submit a Service Request: Request Service Now

A completed Security Certificate Submittal (PDF) is required for new certificates and renewals prior to the start of work. Please submit one form per URL, except in the case of SAN certificates. All information must be included in, or attached to the Service Request. Multiple submittal forms may be attached to a single Service Request.

Customers requesting to use the delegated administration option should submit the Delegated Administrator Security Certificate Submittal (PDF) to initiate service setup.  Service Requests for individual certificates is not needed.

Contact your CDT Account Lead if assistance is needed with submitting a Service Request.