Automated certificate renewal

Note: If you want client certificates, contact SoftwareAssetManagement@justice.gov.uk.

Where technically suitable, all new Ministry of Justice (MoJ) domains must use automated certificate techniques and services, such as AWS Certificate Manager (most preferred) or Let’s Encrypt (uses ACME)

Over time, existing MoJ domains must also be considered for migration to automated certificate provisioning and management techniques (preferably on their next certificate renewal cycle in advance of expiry) in order to reduce the consequences and management overheads of manual certificate renewal.

The MoJ acknowledges that not all systems support automated certificate management but leveraging such technology where possible reduces management overheads, the costs of such overheads and the consequences of unexpected certificate expiry.

Manual certificate requests

Where automated certificate renewal is not possible, new certificates must be acquired through the MoJ Certificates team.

To request a manually issued certificate, complete the certificate request form and send it, with a Certificate Signing Request (CSR) (and an authority email approval if not an MoJ employee e.g. 3rd party supplier), to certificates@digital.justice.gov.uk.

Note: If you want client certificates, contact SoftwareAssetManagement@justice.gov.uk.

Feedback

If you have any questions or comments about this guidance, such as suggestions for improvements, please contact: itpolicycontent@digital.justice.gov.uk.