Secure Certificates

Secure Certificates (also known as SSL, TLS or X.509 certificates) on leased equipment in the Platform Hosting environments within the data center and external CDT customers. These certificates are a non-proprietary protocol for securing data communications across computer networks and will provide data encryption while in transit for TCP/IP connections.

As an alternative, CDT also offers delegated administrator access to customers who prefer to generate and manage their own certificates. Customers utilizing this option are provided to access CDT’s certificate console and are granted permission to issue certificates under approved third level domains or specific URLs within root domains.

CDT provides version(s) of certificates in accordance with current certificate industry standards. Certificates are offered on both dedicated and virtual server platform configurations. CDT is authorized to offer certificates only for the following domains:

  • .ca.gov
  • .california.gov
  • .cahwnet.gov
  • .state.ca.us

 

CDT will:

  • Manage contract and licensing for certificate management software.
  • Serve as liaison between the customer and certificate vendor for technical issues.
  • Notify customers of upcoming renewals in accordance with the contact information provided on the Secure Certificate Submittal (PDF).
    • Technology products must be within vendor supported versions to sustain availability and integrity.

 

 

Customers are expected to:

  • Notify Certificate_Services@state.ca.gov of changes to certificate contact(s).
  • Install and verify certificates purchased through CDT’s delegated administrator access or other sources.
  • Provide certificate requirements to CDT.

 

CDT’s goal is to provide timely, comprehensive and economical technology services. Requests for new certificates will typically be available 3 to 5 business days after the service request has been approved by all parties. Certificate renewals are processed a week prior to the current certificate expiration date. If a renewal is needed earlier, please note the requested delivery date on the service request. Certificates expire on the final day of issuance at 1700 hours.

Delays in the service request process, or server availability to obtain the certificate, may impact the timeliness of the certificate delivery.

A 25 calendar day window is provided immediately following delivery of a certificate for testing, revocation or changes.

Subscriptions to this service are available and can be referenced in the CDT Rate Schedule.

Service CodeService DescriptionUnit of MeasurementRateGroupComment(s)
I207Secure Server CertificateCertificate/AnnuallyVariableWeb Services

To request to Add, Change, and Delete Secure Certificates and CSR file, or ask a general question, submit a service request through Remedy: Request Service Now

A completed Secure Certificate Submittal (PDF) is required for new certificates and renewals prior to the start of work. Please submit one form per URL, except in the case of SAN certificates. All information must be included in, or attached to the Service Request. Multiple submittal forms may be attached to a single Service Request.

Customers requesting to use the delegated administration option should submit the Delegated Administrator Secure Certificate Submittal (PDF) to initiate service setup.  Service Requests for individual certificates is not needed.

Contact your CDT Account Lead if assistance is needed with submitting a Service Request.