InCommon Certificate Use for SSL/TLS

ISO Position Paper

Position Title: InCommon Certificate Use for SSL/TLS

Position Audience: Princeton IT Professionals

Contact Information: Security Office: [email protected]

Position Release Date: November 2018

Problem Statement

The University community utilizes a number of certificate authorities to obtain SSL/TLS
certificates for securing web-based communication. Not all certificate authorities provide the
same level of rigor and quality of service. The University has contracted with a specific
certificate authority (InCommon) to provide certificates to the University, but we continue to
observe certificates being provisioned from other certificate authorities.

ISO Position

Unless certificate services are provided directly from outside hosting providers via an existing
service contract, the University community should obtain SSL/TLS certificates through the OIT
certificate service provided by the InCommon certificate authority. This service, provided free to
the University community, relies upon a trusted higher education partner and provides the
assurance that all certificates provisioned for Princeton services are appropriate.

Additional Information

Certificates: How to request a digital certificate for a web server
Data Transmission and Encryption Standards position paper
Self-Signed Certificates position paper

Data classification: Public