With the launch of the new certificate service in partnership with DigiCert, we’ve compiled answers to the most common questions to help you navigate the framework. From pricing changes to automation options and support channels, this Q&A covers everything you need to know to get started and make the most of the service.
How do I get a certificate?
You’ll need a DigiCert CertCentral account. Once set up, contact DigiCert to purchase certificate packs. See the Framework Buyer’s Guide for step-by-step instructions.
What is Jisc’s role in the framework?
Jisc established the framework with DigiCert, but all certificate purchases, setup, management and support are handled directly by DigiCert.
Where can I get help?
For technical issues, installation or purchases, contact DigiCert via the details in the Framework Buyer’s Guide.
What safeguards are in place to avoid past issues?
We’ve introduced regular service reviews and open communication channels to proactively manage risks and concerns.
Why are prices higher than before?
Previous pricing was exceptional but unsustainable. DigiCert’s current rates were the most competitive during procurement and remain significantly lower than their retail pricing.
How does the new pricing work?
Pricing is now based on the number of SANs (Subjective Alternative Names), rather than a flat rate per certificate.
Why use Jisc’s Framework instead of going direct to DigiCert?
You’ll benefit from savings of over 70% off MSRP on selected products.
Is automation included in the framework?
The agreement covers digital certificates only. Business support and automated renewals are included, but installation automated must be enabled via DigiCert and may incur additional costs. Trust and Identity Consultancy will soon offer this as part of their standard consultancy support portfolio. Note: consultancy is a separate, chargeable service outside the Jisc Certificate Framework.
We used to get 3 free certificates with our Jisc Subscription. Is that still available?
This is currently under review by Jisc’s Executive Leadership Team.
How do DigiCert plan to address the new TLS certificate lifetime due to come into force?
DigiCert has been proactively preparing for shorter certificate validity periods for several years. Internally, they’ve focused on automating their systems as much as possible, while also building tools that empower customers to manage their own automation—including automatic domain control validation.
As certificate lifetimes shrink (from 200 days to 100, and potentially to every 47 days), DigiCert customers won’t be penalized by the increased issuance frequency. DigiCert customers only pay for the domains they need to protect, not the number of certificates needed to be issued against those domains.
When a certificate’s max validity period drops to 47 days, does that mean using 8/9 credits per year?
No — the shortened validity doesn’t affect cost. You can reissue the certificate as many times as needed within your contract period.
What is the advantage of this service to LetsEncrypt?
Let’s Encrypt is an open-source certificate authority that operates without formal support channels—there are no SLAs, warranties, or dedicated technical assistance. Users are fully responsible for configuring, maintaining, and troubleshooting their own setups. Additionally, Let’s Encrypt certificates are explicitly prohibited in fail-safe or high-risk environments where outages could cause harm, as all liability rests with the user. They limit issuance rate, so organisations must plan carefully, using the staging environment for testing and staggering certificate renewals to avoid hitting production limits.
Does Certbot integration incur any additional cost?
No, Certbot integration itself isn’t chargeable.
Do wildcard certificates automatically include two SANs, and will DigiCert charge for both?
No — wildcards come with 2 sans automatically.
Can blocks of 100 SANs be split across multiple certificates?
Yes. For example, you could use 10 certificates with 10 SANs each, or one certificate with up to 100 SANs. Pricing is based on Fully Qualified Domain SANs (FQDNs). While you can add many SANs to a certificate, it’s not best practice for critical systems — those should have dedicated certificates.
How long does it take to credit the account?
Normally 24/48 hours from receipt of purchase order, timings may vary depending on seasonal demand, workload and resourcing.
Is “www.” included in an OV certificate, or does it count as a separate SAN?
It counts as one certificate with two SANs: domain.com and www.domain.com.
Thanks for reading! We’ll be sharing more updates soon in the meantime, if you have any questions or feedback, please reach out to the service desk at certificates@jisc.ac.uk.
