Public Key Infrastructure Services
System Computing Services provides Public Key Infrastructure (PKI) services to most NSHE institutions and their non-commercial affiliates, including unlimited well-trusted certificates of various types for their respective .edu and non-.edu DNS domains.
System Computing Services provides:
- Assistance with requesting unlimited PKI certificates, which are issued by a public Certificate Authority (CA) to clients and their non-commercial subsidiaries and community partners and are valid for .edu and non-.edu DNS domains.
- Well-trusted certificates via InCommon, including code-signing, S/MIME, and TLS/SSL certificates; multi-domain (SAN and wildcard subjects) are permitted where appropriate.
- Internally trusted PKI services for communication between SCS managed systems and services.
- Revocation of previously issued certificates upon request or upon reasonable suspicion that a certificate has been misused or compromised.
- Assistance with understanding certificate types and their technical requirements.
- Communication of major changes related to PKI services.
- Best effort notification of upcoming certificate expirations.
- Designate two PKI service technical contacts authorized to request certificates on behalf of the institution, and to receive communications related to PKI services.
- Ensure each issued certificate is only used for its intended purpose and is either removed from service, renewed, or revoked before it expires.
- Promptly report any suspicious activity or misuse of the PKI service to SCS Service Desk for investigation and remediation.