Public Key Certificates are electronic documents that provide identification by using a digital signature to bind an identity to a public key. In order to properly identify a person or resource using a certificate, the certificate must be validated against an issuing Certificate Authority (CA). Most Web browsers and other Internet applications hold trust lists for the most common Certificate Authorities on the Internet.
All new personal and server electronic certificates used at the University of Cincinnati are issued through InCommon, a federation organized to provide trust frameworks and standards in order to share resources between education and research institutions in the United States. Implementation of InCommon certificates allows consistent issuance, revocation, and management of the certificates and ensures that all certificates are of the same standard. There is no per-unit charge for use of these certificates by UC staff, faculty and systems, as the certificates are deployed as part of our enterprise license agreement with InCommon.
Secure Socket Layer (SSL) is a security protocol used to secure Internet connections. It’s typically used as a secondary protocol that is layered on top of an existing unencrypted protocol such as FTP or HTTP. Although SSL provides two-way encryption, it doesn’t provide identification. Two parties know they’re communicating securely over SSL, but they have no way of making sure the other party truly is who it claims to be. Because SSL is built into all major browsers and Web servers, simply installing a digital certificate turns on their SSL capabilities. By convention, URLs that require an SSL connection start with https: instead of http:.
SSL Certificates are issued from a Certificate Authority (CA) and provide a way for clients to validate that the server they are connecting to is really what it claims to be. Several major CA certificates are built into modern Web browsers and SSL frameworks, and those primary CAs may also grant validation abilities to secondary CAs.
There are two types of certificates, server and client (personal).
The University of Cincinnati uses InCommon as our CA for all new server SSL certificates. You should request a certificate if you are responsible for running an Internet service for the University of Cincinnati that requires SSL. This can include, but is not limited to, Web servers (HTTPS), mail servers (SMTPS, IMAPS, POPS), and secure file transfers (FTPS).
Client (personal) Certificates
Through InCommon, UC also offers client certificates, known as personal certificates. These certificates are associated with a person using his or her UC e-mail address for the following purposes.
For instructions on installation of personal certificates, use this tutorial from InCommon.
UCIT pays for server and client certificates issued for the University of Cincinnati by InCommon; they are issued at no additional charge to departments.
To obtain certificates, use the following webapp to make your request. The UCIT Office of Information Security will verify your association with the university and, if approved, will forward the request to UCIT Systems and Operations for fulfillment.
Contact the UCIT Office of Information Security.