Carnegie Mellon University Website Home Page
 
Skip navigation and jump directly to page content
Documentation Index
Web & Portal
Certificate Authority
Overview
Request Certificates: Apache
Request Other Certificates
Accounts
Network, Phone & TV
Software
Email & Calendar
Secure Your Computer
Clusters & Printing
Web Services
Classroom & Event Support
Education & Outreach
Support & Repair
Information Security Office (ISO)

Overview

The Carnegie Mellon University Certificate Authority (CA) issues and manages security credentials and public keys for the encryption of Internet network traffic.

Qualifying web servers may receive a certificate that takes advantage of the university's public key infrastructure (PKI); in particular, the widespread penetration of the CMU CA Server certificate, which uses the RSA algorithm and a key length of 1,024 bits.

Computing Services has issued intermediate "signing" certificates to representatives of each of these domains: ECE, CS, PSC. To request one for your web server or for more information, see the section entitled Intermediate Certificate.

Interested in downloading the CMU CA Server for your personal use? Visit the CMU CA Server certificate download page.

Why Use the CA-Signed Digital Certificate

There are typically two reasons that motivate a campus web developer to deploy our CA-signed digital certificate. The first reason is to provide encrypted transactions via HTTPS (SSL/TLS over HTTP).  It is unwise and potentially irresponsible to host a web service inviting the transmission of confidential information unencrypted across the network wire. Unencrypted (plaintext) traffic is easily snooped by anyone on the campus network with the desire and basic knowledge about computer networking.  Use of a digital certificate and the SSL/TLS protocol provides a convenient way to contain this threat using a protocol and cryptosystem that is native to nearly every browser and platform.

The second common motivator for using a digital certificate is to provide trust management by means of the credentials carried by the certificate. A certificate carries with it credentials signed (verified and mastered) by Carnegie Mellon University Computing Services.  This means that by issuing a certificate, the university asserts that the web server in question is a registered machine on the university network.  So the user is guaranteed the web service he or she is accessing is indeed one hosted by a machine on the campus network.

Important! No other assertion about the service can be implied from the knowledge that Carnegie Mellon University has signed a digital certificate. This signature asserts only that the web server is a registered machine on the campus network. It is still possible that the web service has offensive, illegal, and/or malicious intent. 

Some examples of services that use digital certificates include NetReg and the University Directory.

Support Statement

To qualify for a CMU CA signed digital certificate, all of the following conditions must be met:

  • You must agree and conform to the Carnegie Mellon University Computing Policy.
  • You must agree and conform to the Network Protocol Guidelines.
  • The server must be in a cmu.edu domain.
  • The server cannot be in res.cmu.edu.
  • If you are a student, you must have a faculty sponsor willing to submit the request on your behalf. Your certificate will expire in one semester.
  • Computing Services supports certificate request and installation tasks on Andrew Apache. Best-effort advice and recommended third-party documentation is provided for other web servers.

Last Updated: 5/22/07