APTrust uses HTTPS to secure its data in transit, especially across the public internet. SSL certificates are critical for authenticating an entity and its domain identity, as well as for the encryption and decryption of data. As part of securing the APTrust environment, the latest iteration has simplified the management and generation of certificates and lowered the number required.

The majority of SSL certificates for APTrust are hosted on the APTrust WordPress site. ALL domains owned by APTrust point to WordPress at the top level of the domain. They are:

  • academicpreservationtrust.org
  • academicpreservationtrust.info
  • academicpreservationtrust.net
  • academicpreservationtrust.com
  • aptrust.org

WordPress Engine (the hosting location) manages the lifecycle of the certificates using certbot, the tool APTrust used previously. APTrust is no longer responsible for supporting certbot or for keeping any of that functionality operating. Certificate renewal is automatic and takes place on an annual basis.

The SSL certificate required for the subdomains pointing to Registry is hosted by AWS on the ALB that handles all connections for Registry. The certificate uses SAN (Subject Alternative Names), so a single certificate can be used for them. Note that SSL is terminated at the ALB before connections are handed off to the containers that are part of the Registry cluster. This is a common method of handling multiple clients behind a single endpoint for scaling purposes. The certificate is provided free by AWS and must be updated annually. An email will be sent to update the certificate when it is due.
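
A check that does not depend on the reminder email, as an added example (not APTrust's own tooling): it confirms that one certificate's SAN list covers every expected hostname and reports the days left before expiry. The hostnames, the sample certificate, the fixed clock and the 30-day threshold are constructed assumptions, and the wildcard handling goes beyond what the page describes.

```python
import socket
import ssl
from datetime import datetime, timezone

def fetch_cert(host, port=443, timeout=5.0):
    """Fetch the validated leaf certificate a live endpoint presents."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

def san_dns_names(cert):
    """DNS entries of the subjectAltName extension, lower-cased."""
    return [v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"]

def name_covered(hostname, san):
    """Exact match, or a wildcard covering exactly one left-most label."""
    hostname = hostname.lower().rstrip(".")
    parent = hostname.partition(".")[2]
    return any(p == hostname or (p.startswith("*.") and parent and p[2:] == parent)
               for p in san)

def days_remaining(cert, now=None):
    """Whole days until notAfter; negative once the certificate has expired."""
    expires = datetime.fromtimestamp(
        ssl.cert_time_to_seconds(cert["notAfter"]), tz=timezone.utc)
    return (expires - (now or datetime.now(timezone.utc))).days

def audit(cert, expected_hosts, warn_days=30, now=None):
    """Report hostnames the SAN list misses and whether renewal is due."""
    san = san_dns_names(cert)
    left = days_remaining(cert, now)
    return {
        "missing": [h for h in expected_hosts if not name_covered(h, san)],
        "days_left": left,
        "renew_soon": left <= warn_days,
    }

# Constructed sample in the shape getpeercert() returns; names are placeholders.
SAMPLE_CERT = {
    "notAfter": "Jun  1 12:00:00 2025 GMT",
    "subjectAltName": (("DNS", "registry.example.org"),
                       ("DNS", "*.staging.example.org")),
}
EXPECTED = ["registry.example.org", "api.staging.example.org", "demo.example.org"]

if __name__ == "__main__":
    fixed_now = datetime(2025, 5, 12, 12, 0, tzinfo=timezone.utc)  # constructed clock
    print(audit(SAMPLE_CERT, EXPECTED, now=fixed_now))
```

Against a live endpoint, pass the result of `fetch_cert(hostname)` to `audit` in place of the sample.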