Non-profit, member-based IT support for research & educational institutions

CREN members can obtain web server certificates from CREN in two ways.
  • CREN members can generate campus web server certificates from their own institutional certificate authority.

  • Members can request web server certificates from the CREN Web Server CA.
What are Web Server Certificates?

Why Use Web Server Certificates?

How to Apply for a CREN Web Server Certificate



CREN CA Pricing Chart

What are Web Server Certificates? Top

Web server certificates are digital credentials that reside on a server and set up a secure connection between that server and a client or another server. This secure connection is called a Secure Sockets Layer (SSL) session.

With an SSL session established any information sent to or from that web server is encrypted. The web server certificate provides the identity of the website owner because the Subject name in a server certificate is the DNS name of the server. The web server certificate also provides the name of the identifying Certificate Authority Service, such as CREN. For example, you can see web server certificates in use in the Netscape and IE browsers by clicking on the padlock icon and selecting the option of "View certificate."


Why Use Web Server Certificates?  Top

Web server certificates are used to secure communications to and from Web servers.

Securing access to campus services such as records containing personal, financial and academic data is an important aspect of campus security. It is important that access and control be limited to authorized users and that data is secure when transmitted.


How to Apply for a CREN Web Server Certificate  Top

The 123's of how to apply for CREN-signed Web Server Certificates.
Apply Using a Short, 2-Page FormApply for a Web Server Certificate

The application process for a CREN Web Server Certificate has two phases:

  • Application and registration process that validates the Institutional Representatives, and sets up secure communication channels
  • Request, issuance and acceptance of the Web Server Certificate
Download the CREN CA Application - Version 3.0 (August 1, 2002)
[Download in Microsoft Word or PDF Format]

An institution's Member Representative fills out the application form and then it is signed by the Campus Certificate Authority Executive Officer. You may find it helpful to also download and print the
Step-by-Step Guide - Coming Soon
[Download in Microsoft Word or PDF Format]

This Step by Step Guide has detailed email templates to guide institutional contacts through the application and signing process.

To renew a CREN Web Server Certificate, an institution's Member Representative must fill out the following renewal application form and then have it signed by the Campus Certificate Authority Executive Officer. - Version 3.0 (August 1, 2002)
[Download in Microsoft Word or PDF Format]

Begin Communicating SecurelyBegin Communicating Securely

PGP (Pretty Good Privacy) is another security tool similar to digital certificates. One advantage of PGP is that individuals and small groups can begin using PGP for securing their email with little overhead. At CREN, we use PGP to set up a secure communication channel with a technical contact at an institution during the process of requesting a CREN-signed Web Server Certificate.

The PGP Personal Public Keys that are distributed and signed during the application process are not to be confused with the Public Keys being generated for inclusion in the CREN-signed Web Server Certificates.

The PGP software may be found at the location below:
[Download a free version of PGP now from:]

For installation tips and more information on PGP, download the CREN PGP One-Pager:
[Download: Microsoft Word or PDF Format]

Locate public keys of the CREN staff at:

Documents and Policies for the CREN CADocuments and Policies for the CREN CA

I. The policies that govern the CREN CA are currently in a combined Certificate Policy/Certificate Policy Statement.

CREN CP/CPS - Version 3.0 (January 27, 2000)
[Download: Microsoft Word or PDF Format]

The CREN CP/CPS details and controls the application process from the initial verification of the institutional requestor and the request for certificate process, through the issuing, acceptance, using, suspending, revoking, and renewing of CREN CA certificates.

II. The policies that govern the PKI-Lite Trust Environment were developed by the HEPKI-TAG and HEPKI-PAG groups. The principal document is the combined CP/CPS.

HEPKI-Lite CP/CPS - Version -v 4.3 (Dec 19, 2001)
[Download: Microsoft Word or PDF Format]

The HEPKI-Lite CP/CPS describes the recommended best practices for a campus certificate authority implementing a PKI-Lite environment. A PKI-Lite environment is full-featured PKI technology deployed with existing campus standards for identification and authentication (I & A) and security. The other two documents supporting a PKI-Lite Trust environment are the HEPKI-TAG Certificate Profiles, and the Relying Party Statement.


Scenarios Top

Institutions have been implementing CREN-signed Web Sever Certificates. Here are some scenarios. If you have a scenario to share, please contact us at

Internet2 Meeting May 16, 2002
PKI & the CREN-signed Columbia CA

Other University Scenarios
Wellesley College Scenario (Coming Soon!)

Resources   Top

Certificates at MIT
This page is the resource used to support and guide MIT students, faculty and staff through the process of learning about and securing digital certificates. It can be used as a template and starting point for other institutions designing web sites for supporting digital certificate use by their campus community.

Digital Certificates: What Are They, and What Are They Doing in My Browser?
This is a pre-publication copy of an article published in the August 2002 issue of Syllabus You can also visit the Syllabus site for the above article and other interesting Syllabus articles.
[Download: Microsoft Word or PDF Format]

Security on Campus: An Interview with Jeffrey I. Schiller MIT
This article is an inteview with Jeff Schiller, MIT's network manager and security architect for MIT's Information Technology Architecture Group (ITAG). This is also published in the August 2002 issue of Syllabus. Jeff provides insights about the “negative deliverable”—security.
[Download: Microsoft Word or PDF Format]

Also, choose from a variety of PKI Resources from CREN, CREN Members, EDUCAUSE, Internet2, PKI vendors and more.

CREN CA Pricing Chart:  Top

Learn about the various membership dues and service fees along with the benefits associated with becoming a CREN member.

Digital Certificate Products and Prices

Digital Certificate Service
Member Prices
Non-Member Prices
  Certificates Included Annually with Membership Additional Certificates Initial Certificate Service Additional Certificates
Institutional Certificates with 5-year validity period. 1-3 certificates $200 1-3 certificates $750-$5000/yr dependent on Institutional Budget $200
CREN Web Server Certificates with 2-year validity period. 1-25 $49 or bundle of 10 for $450 $600 for first certificate $49 or bundle of 10 for $450
CREN RA Client Certificates for Campus Registration Authority w/12-13 month validity period. 1-5 NA 1-5 certificates
Client Certificates approved by RA Client w/ 12-13 month validity period. 100 $500 per 100 100 client certificates $500 per 100
Technical Support No Charge $300 for annual subscription

*CREN reserves the right to modify its yearly rates and discounts without notice. Modified rates will apply to new contracts and to contracts up for renewal, but will not affect existing contracts.


Corporation for Research and Educational Networking