Due to new restrictions put in place by leading browsers, 2-year certificates created after August 31, 2020. will be treated as invalid. Sectigo, the root CA behind the InCommon Certificate Service will stop issuing 2-year certs on August 19, 2020. Three-year certs created before September 1, 2020 will continue to be valid for the full 3-year lifetime. These restrictions do not apply to UWCA certificates.


UW Certificate Services enables self-service requests by registered owners of DNS names to obtain X.509 certificates from the UW Services CA and InCommon CA.

Registered owners of DNS names can manage their certificates via the UW Certificate Services website at https://iam-tools.u.washington.edu/cs/

Authorization is based on registered contact information for DNS names managed in UW DNS, and based on UW group memberships for DNS names managed outside of UW DNS.

InCommon CA or UW CA?  

In general, use InCommon CA if the certificate is for website SSL, and UW CA if the certificate is for authenticating to a UW web service (e.g. student web service or person web service).  For more information see CA comparison.

InCommon certificates have a maximum lifetime of two years starting 2018-03-01. This change affects all publicly trusted CAs. See CAB Ballot 193 for more information. The UWCA is not a publicly trusted CA and continues to issue three year certificates.

 See Also