InCommon Certificate Service
- Introduction
- What products are available?
- Certificate Signing Requests (CSR)
- Technical Support
- Frequently Asked Questions
Introduction
Indiana University has partnered with the InCommon Certificate Service to provide unlimited free SSL certificates to IU units. This new certificate service will replace the IU Certificate Authority (IUCA), and is available to all IU campuses.
- For more information about the InCommon Cert Service, visit our Frequently Asked Questions.
- For more information about SSL certificates, visit: What are secure web sites and SSL certificates? in the IU Knowledge Base
Under the existing arrangement with InCommon, there is no charge for production certificates, and certificates can be used for all levels of service. The back-end vendor/Certificate Authority is Comodo, so the certs will work in all mainstream operating systems, web browsers, email clients, etc.
All certificates are available for a period of one, two, and three years. More information about the service can be found on the InCommon Cert Service page.
Note — Webserve users: please contact the IU Webmaster before taking any further action.
What products are available?
The InCommon Certificate Service makes the following products available:
- Standard SSL/TLS Server certificates
- Extended Validation (EV) Certificates
↓ see below - Multi-Domain Certificates
supporting up to 100 Subject Alternative Names, or SAN - Wildcard certificates (some restrictions apply)
- Code-signing certificates
↓see below - Client/Personal certificates
↓see below
Extended Validation (EV) Certificates
EV Certificates are available from the Comodo Certificate Authority through this service. Due to the nature of the validation, the process for obtaining an EV certificate is significantly longer; please plan ahead.
To request an EV certificate:
- Select "EV certificate" via the standard certificate request process and submit the CSR
- UISO will approve the CSR request and forward it to Comodo
- Record your order number; you will need it.
- Download and complete the IU-Comodo EV Certificate Request Form
- Complete only the Certificate Requester section, found on Page 2.
- For legal reasons, the pre-populated form fields must not be altered, or your request will be denied. EV certificates are available to all campuses.
- Send the completed form to Comodo via email or fax.
- Email: evdocs@comodo.com
- Fax: 1-866-446-7704
For more information, visit the InCommon Extended Validation Certificates. Note: this page will indicate that the submission of a Subscriber Agreement and Legal Opinion letter are required. These have already been submitted on behalf of Indiana University; you may discard those details. You need only submit the Comodo EV Certificate Request Form.
A Note Regarding the "Organization" of the EV Certificates
For legal reasons, the Organization Name found on the EV certificate (displayed in the "green" browser indicator) MUST be an organization's full legal name, as listed in official records. For IU (or any of IU's domains), this is: "Indiana University" (as displayed).
Unfortunately, certificate authorities are unable to issue EV certificates bearing any other name — including those of a department, office, or service. Attempts to falisify or modify the Certificate Request form will be denied and considered a breach of university policy.
For more information, visit the CA/Browser Forum.
Code-signing Certificates
Code-signing Certificates are available from the Comodo Certificate Authority through this service. The process of obtaining one is unique and must be initiated by the UISO. If you need a code-signing cert, please send a request via email to ca-admin@uiso.iu.edu. UISO will initate a code-signing cert request, and you will receive an email message from Comodo explaining your next steps.
Client/Personal Certificates
Client Certificates, also known as S/MIME Certs and sometimes personal certificates, will soon be available. To read more and join the test pilot, visit our Blog.
Certificate Signing Requests (CSR)
Certificate Signing Requests must be submitted at this URL:
https://cert-manager.com/customer/InCommon/ssl?action=enroll
Enter iucerts in the Access Code field, and your email address in the E-Mail field.
Technical Support
Technical support and troubleshooting is being provided by Comodo via email, a web ticketing system and telephone. Comodo's web site includes a Knowledge Base and step-by-step troubleshooting guide.
More information can be found at support.comodo.com.
Please note: you must register to take advantage of support.
- Email: support@comodo.com (24x7)
- Web: support.comodo.com (24x7)
- Phone:+1-888-266-6361, +1-703-581-6361 (5:00 AM – 8:00 PM EST, Mon-Fri)
For questions about the transition from Thawte to InCommon, or other questions not related to technical support, please contact the IUCA Admin via email at ca-admin@uiso.iu.edu.
Frequently Asked Questions
For more information about the InCommon Cert Service, visit our Frequently Asked Questions.
