ISO Position Paper
Position Title: InCommon Certificate Use for SSL/TLS
Position Audience: Princeton IT Professionals
Contact Information: Security Office: InfoSec@princeton.edu
Position Release Date: November 2018
The University community utilizes a number of certificate authorities to obtain SSL/TLS
certificates for securing web-based communication. Not all certificate authorities provide the
same level of rigor and quality of services. The University has contracted with a specific
certificate authority (InCommon) to provide certificates to the University, but we continue to
observe certificates being provisioned from other certificate authorities.
Unless certificate services are provided directly from outside hosting providers via an existing
service contract, the University community should obtain SSL/TLS certificates through the OIT
certificate service provided by the InCommon certificate authority. This service, provided free to
the University community, relies upon a trusted higher education partner and provides the
assurance that all certificates provisioned for Princeton services are appropriate.
Data classification: Public