Since 10 November our faculty has a new website! The old website will still be available at for now. Something is broken? Please report it to or use our webform.

Webserver and SSL Setup

The university allows you to get a certificate from the TERENA certification authority free of charge. You can apply for it yourself or, should you need any help, write to Alternatively, you can also use the Let's Encrypt certification authority. Once again, you can contact the authority by yourself or you may use and have your LE certificate issued via unix@fi.

In addition to introducing HTTPS, please make sure the configuration is reasonably secure. To test your configuration, you may use the following tools:

SSL Parameters

The best way is to use the configuration generator available at This tool generates configurations based upon the latest cryptographic/security recommendations.

We recommend to test the used configuration using Qualys (see above). You should target Qualys Score A- or A. However, note that some older clients may not support secure enough ciphers when you are targeting score A.

HTTP Strict Transport Security – HSTS

If you are creating a new website, it is particularly important to redirect HTTP to HTTPS straightaway and use a HTTP header—HSTS—which ensures that browsers will access the web exclusively via HTTPS for some time.

If the Apache webserver is used, the configuration would look as follows:

    Redirect permanent /

    # gradually increase up to max-age=15552000
    Header always set Strict-Transport-Security "max-age=3600;"

The time period for browsers to remember that HTTPS must be used is determined by max-age. To avoid any potential issues, for existing websites it is recommended that you start with a low value which is gradually increased. For instance an hour (3600), a day (86400), a week (604800), a month (2592000), until you get to a period of half a year (15552000).