Redesigning the InCommon Certificate Service

Estimated reading time: 3 minutes

By Lisa Doherty, Chair, InCommon Certificate Service Redesign Group

The InCommon Certificate Service has been very successful, and it has seen a lot of growth over the last ten years since the agreement between InCommon and Sectigo was first signed with over 650 institutions subscribed to the InCommon Certificate Service.

InCommon has begun conversations with Sectigo about updating the current agreement, and we are seeing increased interest in advanced features the service could offer, including creating additional InCommon Certificate Service tiers to allow for better alignment with institutional need. The InCommon Certificate Redesign Group serves as an advisory group to inform the direction of the updated service agreement between InCommon and Sectigo.

Surveying Subscribers about Service Offerings, Current and Future

In September, the InCommon Certificate Redesign group sent out a needs survey to the InCommon Community’s RAOs and DRAOs to measure satisfaction and usage across the current service offerings. We also  gauged the need and interest in potential new service offerings. Here’s what we learned from 463 respondents.

The responses indicate current usage of the InCommon Certificate Service includes:

• 91% for website signing/encryption
• 38% for code signing
• 29% for email signing/encryption

In addition, 18% indicated they use custom integrations with the Sectigo Certificate Manager API.

Responses to proposed areas for new service offering include:

• 59% support for cloud integration and application build processes, particularly on AWS and Azure.
• 51% authenticating to eduroam, and 49% VPN access, both of which indicate strong need for private CA management.
• 51% noted a need for automation/deployment, particularly Ansible, and
• 30% for other integrations such as Azure Key Vault, F5 big IP, and Palo Alto Networks

The overwhelming majority of respondents indicated overall satisfaction with the InCommon Certificate Service offerings and support response times from InCommon and Sectigo. There was also clear support for additional offerings, including integration with automation and devops tools,and private CA management.

Next Steps

The survey data will be used to inform the direction of the updated agreement between InCommon and Sectigo over the next few months. Conversations will focus on incorporating features that align with current technologies as well as expanding the service to offer basic and premium tiers.

Lisa Doherty is manager, Academic Computing and Datacenter Computing, at Northern Arizona University.

ICYMI

• InCommon Certificate Service to Highlight Ways to Automate Deployment and Renewal of Certificates

• InCommon Certificate Service Prepares Subscribers for Upcoming Changes to Client Certificates

• InCommon Certificate Service Forms Advisory Group to Help Shape Future Offerings