ITS has created a simpler, more secure process for University system administrators to request free SSL certificates.
Starting June 30, campus system administrators can use a self-service site to request their SSL (Secure Socket Layer) certificates for establishing an encrypted link between a Web server and a browser. The new InCommon SSL Certificate Service will log and track all steps of obtaining a SSL certificate, from when and who requested the certificate to when ITS Security approved it and everyone who touched it along the way.
Receive most certificates within a couple days
Most certificates will be available in less than two business days. Single-host, multi-domain and wildcard certificates are available. The certificates run for as long as three years and as short as one year.
New system improves security
ITS’ InCommon SSL Certificate self-service site was developed in collaboration with the ITS Information Security Office. ITS Security gains a full view of the process and provides centralized approvals of wildcard certificates as well as individual requests of more than 15 certificates. The end result is better security.
“It kind of takes the Software Office out of having to be a security expert,” said Greg Neville, IT Manager of Software Acquisition.
The Heartbleed security bug in April 2014 helped push along this initiative. Campus IT personnel patched affected systems and decided that new “clean SSL certificates” were needed.
Under the old process, which will be replaced by this new centralized service on June 30, campus system administrators emailed requests to software@unc.edu and Neville manually typed in each applicant’s information before responding to each individual request.
Complex on the back-end, simple for users
“It was an interesting application to develop,” said Brett Vasu, Manager of ITS Response Center (ITRC) Infrastructure. The complex service talks to four different systems.
Like with a pretty Mustang, Neville said, “There’s a lot under the hood with this.”
“The complexity makes it so much easier on the end user,” Vasu said.
“The new site for requesting certificates is certainly a welcome change,” said Dave Mason, ITS Applicants Specialist.
“You follow some instructions, submit a Web form, then a new certificate is emailed to you,” Mason said. “It could not be made simpler, and there’s nothing intimidating about it.”