[Skip navigation links]

Certificate volumes

Since 2012, fees for the AusCERT Certificate Service have been based on the size of the subscribing institution.  For Australian universities, FTE numbers are based on figures published by the Australian government Department of Education, and for New Zealand, are based on data in the annual Tertiary Education Performance Report, published by the Tertiary Education Commission.

With the advent of the new service to be provided by QuoVadis in July 2014, we have modified some certificate volume limits going forward.  These changes are designed to ensure that universities still have access to the certificates they need, but means we collectively don't pay for large volumes of some certificates (specifically S/MIME certificates) that are only used in small numbers.

EVSSL, SSL and code-signing certificates

Under the new Sub-LRA Agreement, universities will continue to have access to unlimited SSL, EVSSL and code-signing certificates included in their annual fee. SSL certificates are the most common certificate type in use.  

IGTF accredited grid certificates

For the first time, IGTF grid certificates are now included in the standard AusCERT Certificate Service.  These are special certificates required to managing computing grid resources and are not for general use. These include personal and host grid certificates. Not all universities will use these certificates, but they are available on request for those that need them as part of their annual fee. Universities will be able to obtain the following number of grid certificates, based on their size.   See Table 1 below. If these limits* are not sufficient, then please contact AusCERT.  It may be possible for AusCERT to approve and allocate more if overall numbers permit.*  For further details, see the process for obtaining grid certificates.

Alternatively, if an institution does not wish to subscribe to the standard AusCERT Certificate Service, it may purchase grid certificates only and the aforementioned certificate limits as outlined in Table 1 below do not apply.  In this case, a minimum of 5 grid certificates must be purchased per annum.  Institutions may order and pay for any number of additional grid certificates above this figure on a per certificate basis per annum.  

QV Advanced Plus Certificates

For the first time, we are able to offer a trial of QV Advanced Plus Certificates.  Advanced Plus certificates a high assurance certificate that are signed by the QuoVadis Issuing Certificate Authority (ICA), which is in the Adobe Approved Trust List.  This means that they are suitable for signing PDF documents, and will display a trusted signature to relying parties that view the signed PDF when opened in Adobe Reader.  The certificates can also be used for encryption and client authentication too.

As part of the high assurance requirements, QV Advanced Plus certificates can only be issued after the applicant has had a face to face meeting with the confirming person, and provided a copy of their identity documentation and forwarded this to QuoVadis.  QV Advanced Plus certificates may only be issued on to a secure signature creation device. These are cryptographically protected USBs with security features designed to protect the private key from compromise.  For further details see the process for obtaining QV Advanced Plus Certificates.

If there is an interest in obtaining more Advanced Plus Certificates, please let us know. At this time only one is include as a trial.  Further certificates will incur additional fees.

S/MIME certificates

S/MIME certificates can be used for encryption and digital signing, and/or client side authentication and are able to be used with email applications.  They are a low assurance certificate, which means they can be issued to anyone authorised by the Sub-LRA to an email address for a domain belonging to the Sub-LRA.  

In 2012, AusCERT provided access to unlimited volumes of S/MIME certificates as part of the annual fee.  However, the overall uptake of this certificate type was very small.  To reduce costs, we have obtained limited numbers of S/MIME certificates, to accommodate overall volumes already, while allowing for some modest room for growth.

If these limits are not sufficient, please contact AusCERT.  It may be possible to approve and allocate more, if overall numbers already allocated permit.**

Volume limits

Volume limits only apply to S/MIME, grid certificates and QV Advanced Plus certificates that are being offered for trial only.

Subject to prior written approval with AusCERT, there may be some capacity to increase the volume limits for S/MIME and grid certificates.  Please contact AusCERT.

FTE Number S/MIME certificates** IGTF grid host and end-user certificates* QV Advanced Plus Certificates (trial)
Tier 5 4,000 or more FTE  32 6 1
Tier 4 3,000 - 3,999 FTE 30 4 1
Tier 3 2,000 - 2,999 FTE 28 2 1
Tier 2 1,000 - 1,999 FTE 26 1 1
Tier 1 up to 999 FTE 5 1 1
School any size 0 0 0

Table 1

Affordable, equitable and flexible

The new pricing model makes subscription to the service affordable to institutions of all sizes, by leveraging an organisation's 'ability to pay'. Organisations will now find a membership level that suits its budget. For those that sign the new Sub-LRA Agreement in 2014, the annual fee has been reduced compared to 2014 fees under the PO Agreement; and the range of services will increase. Importantly, SSL and EVSSL certificates are still unlimited, so there are no restrictions on volumes and these can be applied when ever required for internal and external facing systems.

Statement from an AusCERT CS subscriber

"We decided a couple of things once we had access to "free certs".

1. We would use SSL on anything that mattered -- not just to protect credentials. 2. We would issue 'real' certs for dev, test and prod so that we did not get nasty surprises when things hit production. I believe that the both of these were sound decisions but they were only feasible once we stopped paying $USD200 per year per certificate."