InCommon Certificate Service

Introduction

Indiana University has partnered with the InCommon Certificate Service to provide unlimited free SSL certificates to IU units. This new certificate service will replace the IU Certificate Authority (IUCA), and is available to all IU campuses.

Under the existing arrangement with InCommon, there is no charge for production certificates, and certificates can be used for all levels of service. The back-end vendor/Certificate Authority is Comodo, so the certs will work in all mainstream operating systems, web browsers, email clients, etc.

All certificates are available for a period of one, two, and three years. More information about the service can be found on the InCommon Cert Service page.

Note — Webserve users: please contact the IU Webmaster before taking any further action.

top

What products are available?

The InCommon Certificate Service makes the following products available:

  • Standard SSL/TLS Server certificates
  • Extended Validation (EV) Certificates
    see below
  • Multi-Domain Certificates
    supporting up to 100 Subject Alternative Names, or SAN
  • Wildcard certificates (some restrictions apply)
  • Code-signing certificates
    see below
  • Client/Personal certificates
    see below

Extended Validation (EV) Certificates

EV Certificates are available from the Comodo Certificate Authority through this service. Due to the nature of the validation, the process for obtaining an EV certificate is significantly longer; please plan ahead.

To request an EV certificate:

  1. Select "EV certificate" via the standard certificate request process and submit the CSR
    • UISO will approve the CSR request and forward it to Comodo
    • Record your order number; you will need it.
  2. Download and complete the IU-Comodo EV Certificate Request Form
    • Complete only the Certificate Requester section, found on Page 2.
    • For legal reasons, the pre-populated form fields must not be altered, or your request will be denied. EV certificates are available to all campuses.
  3. Send the completed form to Comodo via email or fax.You must include your order number, either in the body of the email or a fax cover sheet.

For more information, visit the InCommon Extended Validation Certificates. Note: this page will indicate that the submission of a Subscriber Agreement and Legal Opinion letter are required. These have already been submitted on behalf of Indiana University; you may discard those details. You need only submit the Comodo EV Certificate Request Form.

A Note Regarding the "Organization" of the EV Certificates

Indiana University's EV SSL/TLS CertificatesFor legal reasons, the Organization Name found on the EV certificate (displayed in the "green" browser indicator) MUST be an organization's full legal name, as listed in official records. For IU (or any of IU's domains), this is: "Indiana University" (as displayed).

Unfortunately, certificate authorities are unable to issue EV certificates bearing any other name — including those of a department, office, or service. Attempts to falisify or modify the Certificate Request form will be denied and considered a breach of university policy.

For more information, visit the CA/Browser Forum.

Code-signing Certificates

Code-signing Certificates are available from the Comodo Certificate Authority through this service. The process of obtaining one is unique and must be initiated by the UISO. If you need a code-signing cert, please send a request via email to ca-admin@uiso.iu.edu. UISO will initate a code-signing cert request, and you will receive an email message from Comodo explaining your next steps.

top

Client/Personal Certificates

Client Certificates, also known as S/MIME Certs and sometimes Personal Certificates.

top

Certificate Signing Requests (CSR)

Certificate Signing Requests must be submitted at this URL:

https://cert-manager.com/customer/InCommon/ssl?action=enroll
Enter iucerts in the Access Code field, and your email address in the E-Mail field.

top

Technical Support

Technical support and troubleshooting is being provided by Comodo via email, a web ticketing system and telephone. Comodo's web site includes a Knowledge Base and step-by-step troubleshooting guide.

More information can be found at support.comodo.com.
Please note: you must register to take advantage of support.

For questions about the transition from Thawte to InCommon, or other questions not related to technical support, please contact the IUCA Admin via email at ca-admin@uiso.iu.edu.

top

Frequently Asked Questions

For more information about the InCommon Cert Service, visit our Frequently Asked Questions.

top

Security & Policy Blog Posts

  • Drupal announced the availability of a patch to fix a critical SQL injection vulnerability in Drupal 7.
  • Creating and maintaining a disaster recovery plan for departments and thier critical services
  • How workplace culture affects information security and how that culture can be improved.
  • The FBI has issued a public service bulletin regarding recent cyber-crimes which target university employees and students. Criminal activities involve payroll and IRS filings.

    Recent Security Bulletins

  • Vulnerability in SSL 3.0
  • Critical Bash Exploit: Shellshock
  • Vulnerability in OpenSSL versions 1.0.1 before 1.0.1g
  • New ransomware named CryptoLocker threatens to destroy data unless a payment is made.
    • Read the PSIA Blog
    • IU Notify
    • Crime Prevention Tips from IUPD
    • Request Assistance from Environmental Health and Safety
    • Secure Your Computer