The Carnegie Mellon University Certificate Authority (CA) issues and manages security credentials and public keys for the encryption of Internet network traffic.
Qualifying community members conducting University business or research may take advantage of the University's partnership with a commercial vendor to receive digital certificates signed by a certificate authority that ships pre-installed in common web browsers and platforms.
Why Use CMU CA-Signed Digital Certificates
There are typically two reasons that motivate a campus web developer to deploy our CA-signed digital certificates. The first reason is to provide encrypted transactions via HTTPS (SSL/TLS over HTTP). It is unwise and potentially irresponsible to host a web service inviting the transmission of confidential information unencrypted across a network. Unencrypted (plaintext) traffic is easily snooped by anyone on the campus network with the desire and basic knowledge about computer networking. Use of a digital certificate and the SSL/TLS protocol provides a convenient way to contain this threat using a protocol and cryptosystem that is native to nearly every browser and platform.
The second common motivator for using a digital certificate is to provide trust management by means of the credentials carried by the certificate. A certificate carries with it credentials signed (verified and mastered) by Carnegie Mellon University Computing Services. This means that by issuing a certificate, the University asserts that the web server in question is a registered machine on the University network. So the user is guaranteed the web service he or she is accessing is indeed one hosted by a machine on the campus network.
Important! No other assertion about the service can be implied from the knowledge that Carnegie Mellon University has signed a digital certificate. This signature asserts only that the web server is a registered machine on the campus network. It is still possible that the web service has offensive, illegal, and/or malicious intent.
Some examples of services that use digital certificates include Web Login and NetReg.
Requesting CMU CA-Signed Certificates
To request a CMU CA-signed certificate for University business or research, visit Carnegie Mellon Certificate Authority - Overview.
Replacement of SHA-1 SSL Certificates Needed
We recommend prioritizing replacement of SHA-1 SSL certificates with SHA-2 SSL certificates for public facing web servers by early November 2014 to avoid negative user impact. Visit Replacement of SHA-1 SSL Certificates Needed.