Due to new restrictions put in place by leading browsers, 2-year certificates created after August 31, 2020 will not be trusted. Sectigo, the root CA behind the InCommon Certificate Service, will stop issuing 2-year certs on August 19, 2020. Three-year certs created before September 1, 2020 will continue to be valid for their full 3-year lifetime. These new restrictions do not apply to UW CA certificates.
InCommon CA or UW CA?
In general, use InCommon CA if the certificate is for website SSL, and UW CA if the certificate is for authenticating to a UW web service (e.g. student web service or person web service). For more information see CA comparison.
InCommon certificates have a maximum lifetime of two years starting 2018-03-01. This change affects all publicly trusted CAs. See CAB Ballot 193 for more information. The UWCA is not a publicly trusted CA and continues to issue three year certificates.
- Server certificates for website SSL
- InCommon CA is rooted in a commercial CA certificate trusted by browsers and OSes.
- Accepts certificate requests via the UW Certificate Services website.
- Supports server certificates for UW websites and other services.
- Supports unlimited server certificates for all UW-owned domains approved by InCommon.
- Wildcard certificates available to registered owners of approved domains.
- Certificates issued at no additional cost to UW departments; part of the basic services bundle.
- End users don't need to install any additional root certificates.
- Server admins must install the InCommon CA intermediate certificate.
- Not trusted by most UW Web Services for client authentication.
UW Services CA
- Client certificates for interaction with UW Web Services