Due to new restrictions put in place by leading browsers, InCommon certificates will have a maximum lifetime of one year starting August 19, 2020. Two-year certificates created before that date will continue to be valid for their full lifetime. This change affects all publicly trusted CAs. The UWCA is not a publicly trusted CA and continues to issue three-year certificates. Read more at End of Life for 2-year Certificates.
UW Certificate Services provides self-service support for registered UW DNS contacts (the registered owners of DNS names) to request X.509 certificates from the UW Services CA and the InCommon CA.
Authorized individuals (registered owners of DNS names) can log in and manage their certificates via the UW Certificate Services website at https://iam-tools.u.washington.edu/cs/
The UW Services CA supports server certificates for UW websites and client certificates for UW applications.
The UW Services CA is not trusted by browsers by default. To avoid browser warnings, users must install the UW Services CA root certificate.
UW Certificate Services brokers certificate requests to the InCommon CA.
The InCommon CA is rooted in a CA certificate trusted by browsers, so users don't need to install any additional root certificates. Server admins may need to install an additional intermediate CA certificate.
Authorization is based on registered contact information for DNS names managed in UW DNS, and based on UW group memberships for DNS names managed outside of UW DNS.
In general, use the InCommon CA if the certificate is for website SSL, and the UW Services CA if the certificate is for authenticating to a UW web service (e.g. student web service or person web service). For more information see CA comparison.
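The lifetime rules in the notice at the top of this page can be checked mechanically. The following is an added example, not part of UW's documentation or tooling: it classifies a certificate by its validity period, and the function names, the 398-day ceiling used for "one year", and the public/private label supplied by the caller are assumptions of this example. It requires openssl and GNU date.

```shell
#!/usr/bin/env bash
# Added example: audit certificate lifetimes against the rules in the notice.
# Assumptions of this example: the function names, a 398-day ceiling for a
# "one-year" publicly trusted certificate, and a caller-supplied trust label.

CUTOFF_EPOCH=1597795200                  # 2020-08-19 00:00:00 UTC (date from the notice)
MAX_PUBLIC_DAYS=${MAX_PUBLIC_DAYS:-398}  # assumed ceiling; override as needed

# classify_lifetime NOT_BEFORE_EPOCH NOT_AFTER_EPOCH TRUST
#   TRUST: "public" (InCommon CA) or "private" (UW Services CA)
#   Prints: ok | grandfathered | too-long | private-ca
classify_lifetime() {
  local nb na trust
  nb=$1; na=$2; trust=$3
  if [ "$trust" = private ]; then
    echo private-ca          # not publicly trusted, browser limit does not apply
  elif [ $((na - nb)) -le $((MAX_PUBLIC_DAYS * 86400)) ]; then
    echo ok
  elif [ "$nb" -lt "$CUTOFF_EPOCH" ]; then
    echo grandfathered       # created before the cutoff, valid for its full lifetime
  else
    echo too-long            # created after the cutoff with a multi-year lifetime
  fi
}

# cert_epoch PEM_FILE -startdate|-enddate  -> seconds since the epoch
cert_epoch() {
  local field
  field=$(openssl x509 -in "$1" -noout "$2") || return 1
  date -u -d "${field#*=}" +%s           # GNU date parses openssl's date format
}

# audit_cert PEM_FILE TRUST  -> "<file> <whole days> <verdict>"
audit_cert() {
  local nb na
  nb=$(cert_epoch "$1" -startdate) || return 1
  na=$(cert_epoch "$1" -enddate) || return 1
  echo "$1 $(( (na - nb) / 86400 )) $(classify_lifetime "$nb" "$na" "$2")"
}
```

Source the file and run `audit_cert server.pem public` for an InCommon certificate or `audit_cert client.pem private` for one from the UW Services CA (both file names are placeholders).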