InCommon Certificate Service
Purdue is a member of the InCommon Federation. The InCommon
Federation provides unlimited certificates via their InCommon Certificate Service to its member
institutions for a single price.
Server and code-signing certificates are currently available, with personal certificates to be offered in the future.
This cost will be funded centrally by IT Security and Policy (ITSP) for use on Purdue services and applications.
All current certificates are still valid. The transition of certificates from the existing provider to InCommon Certificate Service will happen as the current certificates expire. There is no need to remove existing valid certificates and replace them with InCommon certificates.
If you would like to read more about the InCommon Certificate Service, please visit http://www.incommonfederation.org/cert/.
Note: If you are looking for information about the InCommon Federation Service, please visit the IAMO Incommon Service page
Requesting an InCommon Server Certificate
To request a host certificate for a host within the Purdue domain, send the following information to firstname.lastname@example.org:
Certificate Signing Request (CSR) with the following defaults:
- Key length=2048
- OU=Department Name
- L=West Lafayette
- O=Purdue University
In addition, please include an email contact for the certificate. This can be an individual or a group mailing list. A
notification will be sent to this address once the certificate is ready.
After your request has been submitted, IAMO will verify the requester and host information for the certificate. Once verified, it will be submitted to InCommon. When the certificate request has been processed by InCommon, an email will be sent to the email contact that includes the information needed to download the requested certificate.
Normal turnaround time on requests for production servers is approximately 2-3 business days.
Note: certificates for domains outside of the Purdue domain will take significantly longer.
Requesting an InCommon Code-Signing Certificate
To request a code-signing certificate for use at Purdue, please send the following information to email@example.com:
- The name of the Purdue department that will use the certificate.
- An email address to assign to the certificate. Preferably this would not be a specific user's email address, but rather a group or mailing list.
After your request has been submitted, IAMO will create a Code Signing Certificate Enrollment invitation. When
the invitation has been processed by InCommon, an email will be sent to the email contact that includes a link to
generate a private key and create a certificate request. Once the certificate is signed, another email message
will be sent to the email contact with a link to download the certificate.
Normal turnaround time on requests for code-signing certificates is approximately 2-3 business days.
Note: A pre-generated Certificate Signing Request (CSR) is not required for a code-signing certificate.