InCommon has announced that several new services will soon become available to subscribers of the InCommon Certificate Service. Extended Validation SSL certificates and client (also called personal) certificates will both be available on March 3, 2011. Both are part of the base package for subscribers and will be available at no additional charge. Key escrow and private Certificate Authorities will also be available at an additional cost.
Extended Validation (EV) SSL Certificates
Extended Validation (EV) SSL certificates will be available at no additional charge beginning on March 3, 2011. EV certificates require stringent auditing and compliance, and therefore require a separate legal agreement between the university and Comodo. We will have a copy of this agreement available on the InCommon web site by the end of the month. EV certificates will be requested via the InCommon Certificate Services Manager (CSM) web interface, similar to domain-validated SSL certificates.
Client CPS and Client Certificates
Client certificates (also called personal certificates) will likewise be available at no additional charge beginning on March 3, 2011. Three types of client certificates will be offered: dual-use, encryption-only, and signing-only certificates. Our volunteer PKI subcommittee has been working hard on the Certification Practices Statement (CPS) for client certificates, balancing practical realities with future architectural concerns in both the CPS and the Certificate Profile. The InCommon TAC has also reviewed and discussed the draft CPS, which has been submitted to the InCommon Steering Committee, our PKI Policy Authority, for review. A final vote is expected on Feb 14th. Our thanks to them all, noted at the bottom of this email.
Key Escrow
When client certificates become available on March 3, escrow of private keys will be offered as an option (for an additional fee). If enabled at the organizational level, escrow itself may be enabled (or disabled) by administrators at the department level. Details regarding the technical and business requirements for the escrow of private keys will be available by the end of February.
Private CAs
Also for an additional fee, if your campus needs a hosted private CA – for issuing client certificates signed by a campus rather than InCommon as an intermediate CA – we now have the capability of offering this service. Until we get a web page up describing the details, contact me for more information.
Finally, a number of bug fixes and minor feature enhancements will be included in the March release of the CSM. We will publish a list of changes once that becomes available.