...
Clients wishing to run SSL services must contact the system administrator for their system to request an SSL certificate.For any service running on a CUIT host, the system or application administrators are responsible for generating the private/public keypair and submitting the CSR to Service Now via https://www1.columbia.edu/sec/acis/ssl/request.shtml. For services running on non-CUIT hosts, the system administrator of that host shall submit the CSR via https://www1.columbia.edu/sec/acis/ssl/request.shtml.
...
CUIT will sign CSRs and configure keys/certificates, as needed, within 5 business days of their request. If new certificates for non-columbia.edu domains are requested, requests will take longer (generally 5 business days longer) since domain owners will need to authorize InCommon to allow CUIT to sign certificates for that domain.
...
Certificates can be obtained for a 1 or 2 year period. Warning emails will be sent by InCommon to the certificate owners as the expiration date nears. For CUIT systems, a Service Now incident will be automatically opened to track the certificate renewal. CUIT assumes no responsibility for the expiration of certificates on non-CUIT systems. It is the certificate owner’s responsibility to request a new cert when needed.
Reusing CSRs
Certificate Signing Requests (CSR) shall not be reused. Users must generate and submit new CSRs whenever certificates are renewed.
...