DRAFT DRAFT DRAFT
What Is It
UC Irvine is participating in the InCommon Certificate program, which allows delegated administrators in campus departments to issue and renew digital certificates used for such purposes as securing web servers run on behalf of your department. Through the InCommon Certificate program, UC Irvine pays a site fee (sponsored by OIT), and is then entitled to issue unlimited digital certificates through Comodo, a well-established commercial Certificate Authority. More information about this program is available at http://www.incommonfederation.org/cert/
How It Benefits Campus
This allows campus units to "freely" issue unlimited trusted SSL certificates for campus services. It will allow us to centralize obtaining certificates in a standardized way, centralize reporting and notifications on when they are expiring, remove the need to generate untrusted self-signed certificates, no longer propagate the insecure mindset of users ignoring certificate warnings in web browsers, and in the long run cut costs that the campus as a whole spends annually on SSL certificates.
Status
We are testing internally within OIT the delegation and access controls of the service and approval process, as well as testing the actual issuing different types of SSL certificates for different use cases. We are also beginning conversations with academic schools and other non-OIT units of how to best distribute responsibilities to their organizations depending on their size and degree of decentralization. Contact security@uci.edu for details on getting involved.