Sectigo

To provide a streamlined approval process for getting a certificate signed, Western University is enrolled in the Enterprise PKI solution from Sectigo. This agreement between Western and Sectigo allows a local representative to approve signing requests from on campus. This removes the sometimes lengthy and complex approval process that would be required without this agreement.


The recommendation that came out of the WTS Architecture Review Committee supports migrating from any other CA provider, including Let’s Encrypt, to Sectigo.

WTS is eliminating all exceptions given that we are now centrally funding certificates using Sectigo.
There is no cost to the end user.

Note:

As of January 1, 2019, Sectigo is Western's Certificate Authority.

You will need to install this new Intermediate certificate on your server.

Administrators

There are 4 Enterprise Security Officers (ESO) for Western University. They have been vetted by Sectigo to manage the account. You can contact them at web-certificates@uwo.ca.

Valid domains

We provide Sectigo certificates for the following validated domains and subdomains:

  • uwo.ca
  • westernu.ca

If others are required, please contact WTS. All non-uwo.ca domains must go through a validation process before certificates can be issued. See Domain Control Validation (DCV).

Wildcard certificates are also available.

 

Pricing Information

WTS does not charge for this service and there are no fees to use Sectigo.

 

Importance of a Signed Certificate

Sectigo certification requires a strong approval process in order to maintain a good reputation as a Certificate Authority (CA) on the internet. Abuse of the Enterprise PKI solution may harm not only Western but also Sectigo and all the other Internet parties Sectigo certifies. Certificates should therefore be treated as important. Consider them official documents of Western, to be protected and used properly.

Certificate revocation and renewal

In the event that a certificate (or the server on which it resides) is suspected of having been compromised in any way, contact web-certificates@uwo.ca immediately to initiate revocation of the at-risk certificate and reissuance of a new certificate. Similarly, when a certificate is expiring (or if it has already expired), contact web-certificates@uwo.ca to arrange for certificate renewal (or revocation, if applicable).

How does the Enterprise PKI solution work?

WTS has provided a web interface in which certificate requests can be submitted and approved. The turnaround time of this process can be as little as 1 working day. Here is the basic process flow for generating a CSR and getting it signed and installed:

  • Requestor generates a Private Key and Certificate Signing Request (CSR).
  • Requestor submits the CSR through the WTS web form.
  • WTS will verify this request and contact you if there are any issues.
  • WTS will approve and submit the request to Sectigo.
  • Upon approval, your certificate will be signed by Sectigo.
  • When ready, the administrative and technical contacts will receive an email from a WTS PKI administrator. This will contain the certificate.

Additional Information

If you have any questions about this process please send them to web-certificates@uwo.ca.
