Page tree

Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.
Wiki Markup
h2. Application for Client Certificates

Although unlimited client certificates are available to all subscribers of the InCommon Certificate Service at no extra charge, a new or existing subscriber explicitly chooses whether or not to issue client certificates. This choice may be made at any time. Before client certificates can be issued, the subscriber's Executive contact must complete and submit this online application form. 

* Questions? Please send email to [admin AT incommon DOT org with "Client Certificate Question" in the subject line| Certificate Question].

{mail-input:type=hidden|name=subject|value=Client Certificate Application}

*Name of Applying Organization*:

*Name of RAO*
Please provide the name of one or more RAOs to manage client certificates at your institution. Please note: These should be the same RAOs that manage your SSL and other certificates. An institution can register a maximum of three RAOs total, not three per certificate type.

*RAO #1:* {mail-input:type=text|name=RAO1|cssStyle=width:500px|required=true}
*RAO #2:* {mail-input:type=text|name=RAO2|cssStyle=width:500px|required=false}
*RAO #3:* {mail-input:type=text|name=RAO3|cssStyle=width:500px|required=false}

*Key Escrow*
Please note: We strongly encourage you to visit our wiki and read the sections on [understanding Key Escrow and initializing Key Escrow|InCCollaborate:Client Cert Technology#ClientCertTechnology-KeyEscrow].

If your organization was created prior to 8 March 2011, Key Escrow for the top level of your Organization was enabled by default. In this case, we will contact the first RAO you list above about creating and taking possession of your organization's master private key for Key Escrow. The master private key is the sole means of decrypting the database of escrowed user private keys. Esccrow may be turned off at the department level.

All organizations created after 8 March 2011 have Key Escrow turned off at the top level, but RAOs may still enable key escrow for new departments if they wish. Our wiki has further [technical details regarding key escrow|InCCollaborate:Client Cert Technology].

*The decision about key escrow is final and cannot be subsequently modified.*

*Applicant Information*
Please tell us who you are.

*First Name:* {mail-input:type=text|name=First_Name|cssStyle=width:300px|required=true}
*Last Name:* {mail-input:type=text|name=Last_Name|cssStyle=width:300px|required=true}
*Email:* {mail-input:type=text|name=email|cssStyle=width:300px|required=true}
*Title:* {mail-input:type=text|name=title|cssStyle=width:500px|required=true}
*Phone:* {mail-input:type=text|name=phone|cssStyle=width:500px|required=true}
*Submitter:* {mail-input:type=text|name=submitter|cssStyle=width:500px|required=falsetrue}

*The following is a true statement*:

{mail-input:type=checkbox|name=policy_confirmation|value=Yes|required=true}  I am aware that our organization's use of this new class of certificate — Client certificates — must comply with InCommon's [relevant certification policies|] and our participation agreement and related certificate addenda.



_Press the "Submit Application" button to send the completed application form to InCommon staff for further processing_.

{mail-submit:Submit Application}

{tip:title=Application Accepted!}Thank you for submitting your request to enable client certificates for your organization.{tip}