Carnegie Mellon University

Certificate Authority

The Carnegie Mellon University Certificate Authority (CA) issues and manages security credentials and public keys for the encryption of Internet network traffic.

Why Use CMU CA-Signed Digital Certificates

There are typically two reasons that motivate a campus web developer to deploy our CA-signed digital certificates. The first reason is to provide encrypted transactions via HTTPS (SSL/TLS over HTTP).  It is unwise and potentially irresponsible to host a web service inviting the transmission of confidential information unencrypted across a network. Unencrypted (plaintext) traffic is easily snooped by anyone on the campus network with the desire and basic knowledge about computer networking.  Use of a digital certificate and the SSL/TLS protocol provides a convenient way to contain this threat using a protocol and cryptosystem that is native to nearly every browser and platform.

The second common motivator for using a digital certificate is to provide trust management by means of the credentials carried by the certificate. A certificate carries with it credentials signed (verified and mastered) by Carnegie Mellon University Computing Services.  This means that by issuing a certificate, the University asserts that the web server in question is a registered machine on the University network.  So the user is guaranteed the web service he or she is accessing is indeed one hosted by a machine on the campus network.

Important! No other assertion about the service can be implied from the knowledge that Carnegie Mellon University has signed a digital certificate. This signature asserts only that the web server is a registered machine on the campus network. It is still possible that the web service has offensive, illegal, and/or malicious intent.  

Some examples of services that use digital certificates include Web Login and NetReg

Requesting CMU CA-Signed Certificates

To request a CMU CA-signed certificate for University business or research:

  1. Register your system in NetReg
  2. Email with the following information
    • Departmental e-mail address
    • Certificate Signing Request (CSR)
    • List of Subject Alternative Names, if needed

For instructions on generating the required CSR, please see the appropriate article for your software and/or operating system from Comodo's CSR Generation Knowledgebase List.