
Introduction

How to obtain SSL and TLS certificates, for use within the University of Cambridge, from the Computing Service

The Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are two closely related ways of securing Internet communications. They are used in the secure form of HTTP, normally called HTTPS, but can be used to secure any stream-based protocol and are also used in the secure versions of SMTP, IMAP, POP, NNTP, LDAP, etc.

TLS and SSL require that the server end of any communication has access to a public/private key pair and a cryptographic certificate linking the server's identity to these keys. Clients must be configured to 'trust' the entity that signed this certificate. If the server and clients are controlled by the same people then certificates can be created locally, but in general they need to be signed by an organisation that clients are pre-configured to trust. In practice this involves dealing with one of the many commercial 'Certification Authorities' (CAs).

Obtaining and renewing certificates from a commercial CA normally costs money, and can be time-consuming since the CA should verify the identity of the server operator, their entitlement to use the server's host name, etc. To simplify this process, the Computing Service has agreements with well-known CAs under which the Computing Service acts as a 'Registration Authority' (RA), able to approve certificate requests and renewals for servers within the University. This reduces or eliminates the cost to end users of obtaining a certificate, significantly reduces the administrative cost, and speeds up the entire process. Where costs are incurred by the University, some are recharged by the Computing Service on a cost-recovery basis.