Scope

System Computing Services provides:

  • Assistance with requesting unlimited PKI certificates, which are issued by a public Certificate Authority (CA) to clients and their non-commercial subsidiaries and community partners and are valid for .edu and non-.edu DNS domains
  • Well-trusted certificates via InCommon, including code-signing, S/MIME, and TLS/SSL certificates; multi-domain (SAN and wildcard subjects) are permitted where appropriate
  • Internally trusted PKI services for communication between SCS managed systems and services
  • Revocation of previously issued certificates upon request or upon reasonable suspicion that a certificate has been misused or compromised
  • Assistance with understanding certificate types and their technical requirements
  • Communication of major changes related to PKI services
  • Best effort notification of upcoming certificate expirations

Client Responsibilities

  • Designate two PKI service technical contacts authorized to request certificates on behalf of the institution, and to receive communications related to PKI services
  • Ensure each issued certificate is only used for its intended purpose and is either removed from service, renewed, or revoked before it expires
  • Promptly report any suspicious activity or misuse of the PKI service to SCS Service Desk for investigation and remediation