Public Key Infrastructure

The Public Key Infrastructure at Western University currently incorporates two Certificate Authorities to provide secure communications for its community. The primary use of the infrastructure is to provide secure services using Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL), both of which are frequently referred to as 'SSL'. They are cryptographic protocols that provide communications security over a computer network. The infrastructure is also used for LDAP, mail and code signing.

The first Certificate Authority Western uses is Sectigo, previously called Comodo CA, which has a worldwide presence and is predefined in most common web browsers. Certificates signed by this authority can be used to set up secure services which are available to the greater population of the University or the entire world. WTS is encouraging its use where possible. There are no fees for using Sectigo.

The second Certificate Authority Western University uses is a local authority maintained by WTS. Certificates signed by this authority can be used to set up secure communications which are used by small groups of local users with domains with a .pri extension. There are no fees for using UWO certificates.

Let's Encrypt

A recommendation that came out of the WTS Architecture Review Committee supports the migration away from Let's Encrypt to Sectigo by the end of 2019. The number of Let's Encrypt exceptions in our CAA record was growing. We'd like to eliminate all exceptions given that we are now centrally funding certificates.

 

