Purpose and Scope
The purpose of this standard is to define how SSL certificates are to be used to confirm identity, secure communications between devices, and ensure the integrity of transmissions for Information Technology (IT) services provided by the Office of Information Technologies (OIT) or other departments at the University of Notre Dame. This standard applies to all certificates that run on or affect production services. Use of this standard on Development and Test systems is strongly encouraged.
SSL Certificate Usage
- Services should use InCommon or AWS certificates.
- Certificates will be issued and valid for a maximum of one year
- Certificates that are renewed manually must be tracked in ServiceNow
- A group email address is required for at least one of the certificate contacts
- Wildcard certificates and certificates that do not meet the above requirements will not be issued without the approval of the appropriate senior director
All SSL certificates are to be 2048-bit or greater except for those being used for educational applications in computer labs that are NOT customer facing applications. The following individuals are authorized to provide SSL certificates for customer facing applications:
- Designated OIT representative
- Departmental certificate manager
Self-signed SSL certificates can also be used in the following situations:
- Development and test services, or services that will NOT be customer facing.
- Lab environments that will NOT be customer facing (e.g., labs used for educational purposes that are only accessible by students/instructors).
SSL Certificate Management
The departmental IT director must select the certificate manager for his/her department. Each department must have a minimum of two certificate managers.
The departmental IT director must send an email to infosec@nd.edu when a certificate manager leaves the University, moves to a new job within the University, or is no longer the appointed certificate manager for his/her department.
If you are in one of the following departments, you can request a new SSL certificate from your departmental IT support staff:
- Center for Research Computing
- Engineering, Science, and Computing
- Hesburgh Libraries
- Law School
- Mendoza College of Business
- University Relations
If you are not in one of the departments listed above and need to request an SSL certificate, you can do so by filling out an SSL request form.
You can find certificate reports for your team on the "My ServiceNow" dashboard under the "My Teams Certs" tab. Other helpful reports can be found by searching for "cert" under "All" reports in ServiceNow.
Definitions
Certificate Authority
An entity that issues digital certificates.
Certificate Manager
An individual assigned by a departmental IT director to manage the SSL certificates within that department. A certificate manager will be able to create, renew, revoke and replace SSL certificates for domains assigned to their department.
Customer Facing
Any application that provides services to the campus community and/or the world.
Educational Purposes
Having to do with, or pertaining to, a computer lab environment configured for the education of students.
SSL (Secure Sockets Layer) Certificate
A digital certificate used to verify the identity of a website, provide for secure communication between devices, and ensure the integrity of the data being sent.
Self-Signed SSL Certificate
An SSL certificate not provided by a third-party certificate authority (e.g., Verisign, GeoTrust, Comodo).