A pilot involving several InCommon Certificate Service subscribers continues, testing the use of single sign-on (SSO) and multifactor authentication (MFA) to log in to the Comodo Certificate Manager. This is a feature that has long been requested and was one of the top most-desired items on the survey conducted last year.

Rather than use credentials provided by Comodo, those who administer certificates on campus (both RAOs, or Registration Authority Officers as well as DRAOs, or Departmental Registration Authority Officers) will use their InCommon federated credentials for single sign-on. In addition, RAOs will leverage their local multifactor authentication process to secure their logins. The benefits of this approach include:

  • The InCommon Certificate service is used by organizations as their basis of internal and external trust. Protecting access with MFA reduces the likelihood of stolen credentials.

  • MFA-protected SSO increases security by leveraging protected campus credentials that RAOs already use in their local context to access higher security services.

This security enhancement will leverage the REFEDS Multi-Factor Authentication Profile that allows service providers to signal the need for, and Identity providers to signal the use of, multifactor authentication. The profile is maintained by the international Research and Education Federations (REFEDS) organization comprised of more than 40 national federations (including InCommon).

In response to requests from the InCommon community, we are pleased to announce that Comodo has contracted with a new status service to provide the current state of the Comodo Certificate Manager system and accompanying notices of scheduled maintenance.

Status and maintenance alerts are currently posted to the cert-users@incommon.org list. To streamline things for Comodo, and to free the InCommon cert-users list of these updates, as of June 1, 2017, Comodo will no longer post system status and maintenance updates to the cert-users list. However, the new email list, maintained by the status.io service, requires a manual opt in. Everyone is encouraged to visit the new Comodo CM status page for updates, and to subscribe to these alerts, which will be generated by the status service and emailed to you.

This will also allow us to return the cert-users list to its original intent to serve as a discussion list for the InCommon Certificate Service subscriber community.

Through June 1, 2017, Comodo will publish status and maintenance alerts through the new status service and also to the cert-users page. After June 1, these alerts will no longer appear here on the cert-users list. Why wait? Head over to Comodo’s page now and sign yourself up for the alerts.  The new service is available now.  You can sign up to the list by clicking the “SUBSCRIBE” button in the top right of the status page.