Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

In general, use InCommon CA if the certificate is for website SSL, and UW CA if the certificate is for authenticating to a UW web service (e.g. student web service or person web service).  For more information see CA comparison.  

Note
titleImportant notice for InCommon SSL certificate customers

If you are using an InCommon SSL certificate that expires on or after 1/1/2016, you may need to obtain a new SSL certificate to avoid certificate warnings in at least one popular browser. This change is related to an industry-wide migration away from the SHA-1 signing algorithm in favor of SHA-2. Read Transition to InCommon SSL Certificates Signed with SHA-2 to learn more. 

Section
borderfalse
Column
width50%
Panel

InCommon CA

Recommended for:

  • Server certificates for website SSL

Features:

  • InCommon CA is rooted in a commercial CA certificate trusted by browsers and OSes.
  • Accepts certificate requests via the UW Certificate Services website.
  • Supports server certificates for UW websites and other services.
  • Supports unlimited server certificates for all UW-owned domains approved by InCommon.
  • Wildcard certificates available to registered owners of approved domains.
  • Certificates issued at no additional cost to UW departments; part of the basic services bundle.
  • End users don't need to install any additional root certificates.
  • Server admins must install the InCommon CA intermediate certificate.
  • Trusted by the UW pubcookie keyserver for keyclient authentication.
  • Not trusted by some UW Web Services for client authentication.

Documentation:

Column
width50%
Panel

UW Services CA

Recommended for:

  • Client certificates for interaction with UW Web Services

Features:

  • Accepts certificate requests via the UW Certificate Services website.
  • Supports server certificates for UW websites and other services.
  • Supports client certificates for UW applications for TLS client authentication.
  • Not trusted by default by browsers and operating systems.
  • End users must install the UW Services CA root certificate.
  • Trusted by the UW pubcookie keyserver for keyclient authentication.
  • Trusted by most UW Web Services for client authentication.

Documentation:

 

 

Note
titleImportant notice for InCommon SSL certificate customers

If you are using an InCommon SSL certificate that expires on or after 1/1/2016, you may need to obtain a new SSL certificate to avoid certificate warnings in at least one popular browser. This change is related to an industry-wide migration away from the SHA-1 signing algorithm in favor of SHA-2. Read Transition to InCommon SSL Certificates Signed with SHA-2 to learn more.

...

 See Also