Topics Map > University of Chicago > IT Services > Accounts, Identity, & Security > Security

Digital Certificate - Overview of Available Digital Certificates

This article provides an overview of the digital certificates offered by the InCommon Certificate Service and where to learn how request and use them.

IT Services provides free X.509 digital certificates via the InCommon Certificate Service:

SSL Certificates

IT Services offers SSL certificates for any host in the uchicago.edu domain (e.g. itservices.uchicago.edu), its subdomains (e.g. itservices.example.uchicago.edu), or, by prior arrangement, any domain outside uchicago.edu that is affiliated with and controlled by the University. Certificates are signed and issued by Comodo, a leading Certificate Authority recognized by all prominent web browsers and email applications.

What is an SSL certificate?

Secure Sockets Layer (SSL) is a protocol that provides secure communication on the Internet for web browsing, email, and other data transfers. E-commerce transactions and CNetID authentication are two examples of data transactions that require SSL encryption per University policy.

X.509 is a standard for identification and secured data exchange using modern digital cryptography. An X.509 certificate can identify any person, object, or information. An SSL certificate is a specialized type of X.509 certificate used for identifying servers and securing data using SSL. An SSL certificate is issued for a specific Internet hostname such as www.uchicago.edu.

An SSL certificate that is signed by a valid certificate authority:

  • verifies the identity of the server to the client (i.e. the client is connecting to the real <example>.uchicago.edu);
  • is used to encrypt data in both directions between the client and the server;
  • can be used to verify the identity of the client, though this is uncommon.

What types of SSL certificates are available?

Type Term Comment
single domain SSL 1, 2, or 3 years  
multiple domain SSL 1, 2, or 3 years aka Subject Alternative Name or SAN certificates - allows up to 100 hostnames on a single certificate
wildcard SSL 1 year additional requirements for requester
single domain IGTF 1 year single purpose use for grid computing
multiple domain IGTF 1 year single purpose use for grid computing, allows up to 100 hostnames on a single certificate

What domain names are eligible for use with InCommon SSL certificates?

Any domain name (including non-.edu domains) that is administered by the University of Chicago is eligible. Please see the related KB article Validate A Domain Name For Use With InCommon Certificate Service for details.

What are the supported browsers, devices and application suites?

Please see the InCommon documentation on supported browsers, devices and application suites.

How to Request and Use an SSL Certificate

Request an SSL Certificate

Please see the relevant Knowledge Base article for the type of certificate you want to request:

Install the Signed SSL Certificate and the CA Chain

Please see the article: Digital Certificate - Install and Use a Server SSL Certificate

Delegation of SSL Certificate Authority

IT Services can optionally delegate certificate-signing authority to interested departments or other organizational units that want to manage their own SSL certificates. Delegated certificate authority uses the existing InCommon infrastructure so it is simple to use and free. To learn more about this option please see Digital Certificate - Become a Department Authority for Approving SSL Certificates.

Code Signing Certificates

What is a Code Signing Certificate?

Code signing certificates (also known as Software Publishing Certificates) can be used to digitally sign software executables and scripts. The digital signature can help users of the signed software to confirm that the software is genuine by authenticating the source of the software (i.e. who published it) and verifying the integrity of the content (i.e. the code hasn't been modified since signed).

Uses of Code Signing Certificates include:

  • Microsoft Authenticode
  • signing Java jar files
  • signing Adobe AIR applications

How to Request and Use a Code Signing Certificate

Questions/Support

If you have questions that are not answered on this page please email certs@uchicago.edu.

See Also




Keywords:SSL, CA, cert, x509, code_signing, software_publish, certificate_authority, incommon, comodo, EV , extended_validation, TLS, PKI, Authenticode, security, igtf   Doc ID:19441
Owner:James C.Group:University of Chicago
Created:2011-08-02 19:00 CDTUpdated:2017-04-05 07:56 CDT
Sites:University of Chicago, University of Chicago - Sandbox
Feedback:  1   0