The Carnegie Mellon University Certificate Authority (CA) issues and manages security credentials and public keys for the encryption of Internet network traffic.
Why Use CMU CA-Signed Digital Certificates
There are typically two reasons that motivate a campus web developer to deploy our CA-signed digital certificates. The first reason is to provide encrypted transactions via HTTPS (SSL/TLS over HTTP). It is unwise and potentially irresponsible to host a web service inviting the transmission of confidential information unencrypted across a network. Unencrypted (plaintext) traffic is easily snooped by anyone on the campus network with the desire and basic knowledge about computer networking. Use of a digital certificate and the SSL/TLS protocol provides a convenient way to contain this threat using a protocol and cryptosystem that is native to nearly every browser and platform.
The second common motivator for using a digital certificate is to provide trust management by means of the credentials carried by the certificate. A certificate carries with it credentials signed (verified and mastered) by Carnegie Mellon University Computing Services. This means that by issuing a certificate, the University asserts that the web server in question is a registered machine on the University network. So the user is guaranteed the web service he or she is accessing is indeed one hosted by a machine on the campus network.
Important! No other assertion about the service can be implied from the knowledge that Carnegie Mellon University has signed a digital certificate. This signature asserts only that the web server is a registered machine on the campus network. It is still possible that the web service has offensive, illegal, and/or malicious intent.
Some examples of services that use digital certificates include Web Login and NetReg.
Requesting CMU CA-Signed Certificates
To request a CMU CA-signed certificate for University business or research:
- Register your system in NetReg
- Email email@example.com with the following information
- Departmental e-mail address
- Certificate Signing Request (CSR)
- List of Subject Alternative Names, if needed
For instructions on generating the required CSR, please see the appropriate article for your software and/or operating system from Comodo's CSR Generation Knowledgebase List.