InCommon Certificate Service

Overview

The University of Rhode Island has partnered with InCommon Federation which allows the University to obtain digital certificates at an affordable annual fee. The cost is completely covered by Information Technology Services as certificates are deployed as part of our enterprise license agreement with InCommon. There is no charge to the University community who request digital certificates for the purposes of securing Internet traffic. The InCommon license entitles the University to issue electronic certificates for all URI domains.

Transport Layer Security (TLS) is a security protocol used to provide two-way encryption for unencrypted protocols like HTTP. TLS certificates also provide a way for clients to validate that the server or domain they are connecting to is authentic.

Certificate Lifetimes and ACME

The certificate industry is transitioning to 90-day maximum SSL/TLS certificate lifetimes, driven by browser vendors’ security requirements, representing a significant decrease from traditional multi-year validity periods. The Automated Certificate Management Environment (ACME) protocol has made this shift operationally feasible by automating certificate issuance, renewal, and deployment.

Most requests for certificates will necessitate a discussion about the implementation of an ACME client to respond to industry requirements.

Requests

Certificate can be requested from Rhody Support using the TLS Certificate Request/Renewal request item. ITS Information Security staff may ask for validation of any request for service or record creation under this system. Validation would normally be by telephone to a department supervisor.

If your host name or website has multiple DNS entries, a separate certificate for each is not necessary.  Please indicate that you will need Subject Alternative Names (SAN) in your request.

Wildcard Certificates

In an effort to reduce university risk, the Information Security Office will not issue wildcard certificates for any production sub-domains. Most requests are processed within 24 – 48 hours.  In some cases, it can take up to 72 hours for new requests to be fulfilled.  Please plan accordingly.

Additional Resources

InCommon Certificate Service Support — https://www.incommon.org/certificates/support-for-certificates/
InCommon Information Repository — https://www.incommon.org/certificates/repository/