InCommon Certificate Service

Introduction

Indiana University has partnered with the InCommon Certificate Service to provide unlimited free SSL certificates to IU units. This new certificate service will replace the IU Certificate Authority (IUCA), and is available to all IU campuses.

Under the existing arrangement with InCommon, there is no charge for production certificates, and certificates can be used for all levels of service. The back-end vendor/Certificate Authority is Comodo, so the certs will work in all mainstream operating systems, web browsers, email clients, etc.

All certificates are available for a period of one, two, and three years. More information about the service can be found on the InCommon Cert Service page.

Note — Webserve users: please contact the IU Webmaster before taking any further action.

top

What products are available?

The InCommon Certificate Service makes the following products available:

  • Standard SSL/TLS Server certificates
  • Extended Validation (EV) Certificates
    see below
  • Multi-Domain Certificates
    supporting up to 100 Subject Alternative Names, or SAN
  • Wildcard certificates (some restrictions apply)
  • Code-signing certificates
    see below
  • Client/Personal certificates
    see below

Extended Validation (EV) Certificates

EV Certificates are available from the Comodo Certificate Authority through this service. Due to the nature of the validation, the process for obtaining an EV certificate is significantly longer; please plan ahead.

To request an EV certificate:

  1. Select "EV certificate" via the standard certificate request process and submit the CSR
    • UISO will approve the CSR request and forward it to Comodo
    • Record your order number; you will need it.
  2. Download and complete the IU-Comodo EV Certificate Request Form
    • Complete only the Certificate Requester section, found on Page 2.
    • For legal reasons, the pre-populated form fields must not be altered, or your request will be denied. EV certificates are available to all campuses.
  3. Send the completed form to Comodo via email or fax.You must include your order number, either in the body of the email or a fax cover sheet.

For more information, visit the InCommon Extended Validation Certificates. Note: this page will indicate that the submission of a Subscriber Agreement and Legal Opinion letter are required. These have already been submitted on behalf of Indiana University; you may discard those details. You need only submit the Comodo EV Certificate Request Form.

A Note Regarding the "Organization" of the EV Certificates

Indiana University's EV SSL/TLS CertificatesFor legal reasons, the Organization Name found on the EV certificate (displayed in the "green" browser indicator) MUST be an organization's full legal name, as listed in official records. For IU (or any of IU's domains), this is: "Indiana University" (as displayed).

Unfortunately, certificate authorities are unable to issue EV certificates bearing any other name — including those of a department, office, or service. Attempts to falisify or modify the Certificate Request form will be denied and considered a breach of university policy.

For more information, visit the CA/Browser Forum.

Code-signing Certificates

Code-signing Certificates are available from the Comodo Certificate Authority through this service. The process of obtaining one is unique and must be initiated by the UISO. If you need a code-signing cert, please send a request via email to ca-admin@uiso.iu.edu. UISO will initate a code-signing cert request, and you will receive an email message from Comodo explaining your next steps.

top

Client/Personal Certificates

Client Certificates, also known as S/MIME Certs and sometimes Personal Certificates.

top

Certificate Signing Requests (CSR)

Certificate Signing Requests must be submitted at this URL:

https://cert-manager.com/customer/InCommon/ssl?action=enroll
Enter iucerts in the Access Code field, and your email address in the E-Mail field.

top

Technical Support

Technical support and troubleshooting is being provided by Comodo via email, a web ticketing system and telephone. Comodo's web site includes a Knowledge Base and step-by-step troubleshooting guide.

More information can be found at support.comodo.com.
Please note: you must register to take advantage of support.

For questions about the transition from Thawte to InCommon, or other questions not related to technical support, please contact the IUCA Admin via email at ca-admin@uiso.iu.edu.

top

Frequently Asked Questions

For more information about the InCommon Cert Service, visit our Frequently Asked Questions.

top

Security & Policy Blog Posts

  • May 17, 2013 at 12:52 PM

    • Critical Linux Kernel Security Update
    A local, unprivileged user can use a Linux kernel flaw to gain escalated privileges, without authentication, on a system running a Linux kernel. Technical details, as well as exploit code, have been publically released.
  • April 10, 2013 at 4:07 PM

    • S/MIME certificates available
    S/MIME certificates are now available to all IU personnel at no cost.
  • March 13, 2013 at 4:00 PM

    • Policy Draft IT-28 Provisioning of IT Services
    IU VP for IT and Chief Information Officer, Brad Wheeler, spoke at a town hall meeting on March 8th on the subject of, “Mitigating Cyber Risks,” including the current risk environment, and the development of IT-28.
  • March 1, 2013 at 5:06 PM

    • Domain 12: Compliance
    As Jacqueline Simmons explains, IU operates in a complex legal, regulatory, & contractual environment, with responsibilities to comply with applicable legal, regulatory, & contractual requirements regarding safeguards over information and information assets. Doing so protects the university's reputation & minimizes the risk of negative financial consequences associated with noncompliance.

    Recent Security Bulletins

  • February 12, 2013 at 11:03 AM

    • Vulnerabilities in Adobe ColdFusion
    This bulletin details four recently published, critical rated, vulnerabillies in Adobe ColdFusion and ways to mitigate the risk of them being exploited including the hotfix for supported versions.
  • January 22, 2013 at 9:02 AM

    • Java Security Recommendations
    As the use of Java applets on websites continues to diminish and in light of the rash of recent vulnerability exploits, the implications of installing Java for use in web browsers should be considered carefully.
  • January 10, 2013 at 1:59 PM

    • Zero Day Java 7 Vulnerability
    On January 10, 2013, security researchers reported a zeroday vulnerability in Oracle Java 1.7u10.
  • November 8, 2012 at 3:50 PM

    • Vulnerability in Symantec Endpoint Protection
    On November 5th, 2012, the United States Computer Emergency Readiness Team (US-CERT) website announced their researcher had discovered a vulnerability in the way some versions of Symantec Endpoint Protections handle CAB files. This vulnerability may allow an unauthenticated remote or local attacker to execute arbitrary code with SYSTEM privileges on a targeted computer.
    • Read the PSIA Blog
    • IU Notify
    • Crime Prevention Tips from IUPD
    • Request Assistance from Environmental Health and Safety
    • Secure Your Computer