InCommon Certificate Service SSO and MFA Available

The use of single sign-on and multifactor authentication for accessing the Comodo Certificate Manager is available to any subscriber that also operates an Identity Provider in the InCommon Federation. See this wiki page for details.

Application for Client Certificates

Although unlimited client certificates are available to all subscribers of the InCommon Certificate Service at no extra charge, a new or existing subscriber explicitly chooses whether or not to issue client certificates. This choice may be made at any time. Before client certificates can be issued, the subscriber's Executive contact must complete and submit this online application form.

Questions? Please send email to with "Client Certificate Question" in the subject line.

Name(s) of RAO
Please provide the name of one or more RAOs to manage client certificates at your institution. Please note: These should be the same RAOs that manage your SSL and other certificates. An institution can register a maximum of three RAOs total, not three per certificate type.

Key Escrow
We strongly encourage you to visit our wiki and read the sections on understanding Key Escrow and initializing Key Escrow.

If your organization was created prior to 8 March 2011, Key Escrow for the top level of your Organization was enabled by default. In this case, we will contact the first RAO you list above about creating and taking possession of your organization's master private key for Key Escrow. The master private key is the sole means of decrypting the database of escrowed user private keys. Esccrow may be turned off at the department level.

All organizations created after 8 March 2011 have Key Escrow turned off at the top level, but RAOs may still enable key escrow for new departments if they wish. Our wiki has further technical details regarding key escrow.

The decision about key escrow is final and cannot be subsequently modified.

Applicant Information
Please tell us who you are.

I am aware that our organization's use of client certificates must comply with InCommon's relevant certification policies and our participation agreement and related certificate addenda.

Press "Submit" to send the completed application form to InCommon staff for further processing. You will receive a copy via email.

  • No labels