Join InCommon
Chain links on blue background

Certificate Service FAQ

Get help with general certificate questions

We’ve got answers to your general InCommon Certificate Service questions below. Visit our wiki page for more detailed information about all of the types of certificates we offer (SSL/TLS, EV, client, and more) and a more-extensive operational and technical FAQ.

What is the InCommon Certificate Service?

The InCommon Certificate Service, created by and for the higher education community, provides unlimited SSL/TLS and client certificates for one low membership fee. This includes unlimited Organizational Validation (OV) SSL/TLS certificates, Extended Validation (EV) SSL/TLS certificates, client (or personal) certificates, and code-signing certificates.

What types of certificates are included?

The InCommon Certificate Service provides unlimited Organizational Validation (OV) SSL/TLS certificates, Extended Validation (EV) SSL/TLS certificates, client (or personal) certificates, and code-signing certificates. See the wiki for technical details.

Why is this program attractive to my institution?

The higher education community developed this service to reduce the cost of certificates to campuses. Because InCommon is a non-profit, community-driven organization, the program provides value and benefits to the subscribers (rather than providing profit for the certificate provider). The program offers unlimited certificates for a single annual fee, which is expected to reduce the cost of certificates for many institutions.

What is Sectigo’s role in this program?

Sectigo is the contracted provider behind the InCommon Certificate Service and supplies the certificate management portal and issues the requested certificates. InCommon provides the registration authority, business, and community engagement functions.

Who can subscribe to the InCommon Certificate Service?

Any higher education institution with its primary location in the United States, who qualifies for a domain in the .edu name space, may subscribe, as well as not-for-profit regional research and education networking organizations in the United States. Subscribers must be InCommon participants or must join InCommon to be eligible for the Certificate Service.

Are non-profit regional R&E networking organizations eligible?

Not-for-profit regional research and education networking organizations with primary offices in the United States that are not housed within an otherwise eligible educational institution may join this program by paying an annual fee of $2,000. No further discounts are applicable to this fee.

In all cases, participation in this program is solely to allow the organization to acquire certificates for staff within that organization and for servers and services operated directly by the organization. Participation explicitly excludes the ability for the organization to issue certificates to members of the organization or to resell the service to members of the organization. This fee also applies to any non-Carnegie classified organizations who qualify for participation (i.e., organizations in the United States who currently have a .edu domain). All participating organizations must still join InCommon as is required for all participants in this program.

Can we take advantage of the Certificate Service without participating in federated identity services?

Yes. You must join InCommon but you don’t need to use the federated identity services.

Is Shibboleth a requirement for using the Certificate Service?

Not at the moment, but you will find it much more secure and convenient to take advantage of the SSO/MFA feature for accessing the Certificate Manager (CM).

Why is InCommon membership required for participation?

This program is an extension of the trust services already being provided and managed by InCommon, and will require InCommon resources, including staff time and effort. In particular, implementation of this program will take advantage of the Registration Authority (RA) already managed by InCommon for establishing a trust services infrastructure with participants.

What does the InCommon Certificate Service cost?

Please see the official fee schedule. Internet2 members receive a 25 percent discount.

Why are Internet2 members being given a 25 percent discount?

InCommon is wholly owned by Internet2, and Internet2 provided the initial capital required to launch the program.

How do I sign up for this program?

There is a Certificate Service Subscriber Agreement stored in our document repository. The Subscriber Agreement is an addendum to the InCommon Participation Agreement. InCommon participation is required to take advantage of the certificate service.

What is the required term of participation?

Initially, institutions are required to commit to participation for an initial term of three (3) years, with the certificate service fee billed annually.