Skip to end of metadata
Go to start of metadata

Overview

This Service Level Agreement (SLA) defines the responsibilities of the Registration Authority Officers (RAOs), Departmental Registration Authority Officers (DRAOs), and other participating university members as they pertain to the management and use of InCommon Certificates.

Service Description

The InCommon Certificates Manager service allows designated University at Albany employees to request and manage X.509 compatible certificates of the following type.

  • SSL Certificates
  • Code Signing Certificates

Intended users

  • RAO – Members of ITS who can request, approve/decline requests and manage certificates on behalf of the University at Albany, in addition to creating DRAOs.
  • DRAO - Employees who are technically qualified to manage X.509 certificate requests and assignments, and who are familiar with the University at Albany Polices, which are located at ITS Policies. Generally, staff who have broad IT technical support responsibilities will be designated as Departmental Registration Authority Officers (DRAO) after undergoing training in the use of the InCommon Certificate Management portal. The Information Security Officer will be responsible for granting this privilege.
  • Members - Other participating university employees who are not DRAOs, but are technically qualified to manage X.509 certificate requests and assignments, and who are familiar with the University at Albany Polices, which are located at ITS Policies.  These customers can request a certificate from their respective DRAO, or if they do not have a DRAO, by submitting a request via UACertificates - Requests

Supported Computing Environment

Technical Support

  • Recovery and revocation support: Requests for assistance should be submitted at UACertificates - Requests and will be handled as soon as possible, within two working days. Recovery and revocation support is available 9:00 a.m. to 3:00 p.m., Monday through Friday, excluding holidays and reduced schedule days.
  • A new certificate will be issued within two business days, unless the request is for an Extended Validation Certificate, which may take up to nine days to be issued.
  • A Code Signing Certificate may take up to three weeks to be issued, and is only issued at the discretion of the ISO.
  • Additional information concerning InCommon Certificates and their support can be found in the online documentation at InCommon.

User Accounts

  • Accounts will be created at the level of Department Regisration Authority Officer (DRAO).
  • DRAOs will have the ability to manage SSL certificates.
  • DRAOs can use the self-enrollment process to allow qualified staff to apply for SSL certificates
  • DRAOs cannot issue code signing certificates. These will be considered on a case-by-case basis by the ISO.
  • By default, DRAOs cannot create additional administrators. These will also be handled on a case-by-case basis.
  • Prospective DRAOs must attend one training session on the use of the Certificate Management portal.
  • DRAOs will be given administrative privileges on UAlbany's Server Inventory site to review the status of servers that are the subject of a certificate signing request (CSRs).

User Responsibilities

  • DRAOs and Members agree to adhere to the University's Acceptable Use Policies.
  • DRAOs agree to manage certificate requests and issued certificates responsibly.
  • DRAOs and Members will maintain the confidentiality of their Certificate Manager credentials and will promptly report any suspected abuse or exposure of these credentials.
  • DRAOs and Members recognize that ITS does not provide support for the generation of CSRs nor the implementation and management of certificates.