Page tree

Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.
titleInCommon Certificate Service SSO and MFA Available

The use of single sign-on and multifactor authentication for accessing the Comodo Certificate Manager is available to any subscriber that also operates an Identity Provider in the InCommon Federation. See this wiki page for details.

This is a list of frequently asked questions (FAQ) about the InCommon Certificate Service. See the excellent CA/Browser Forum FAQ for answers to more general questions.


Is Shibboleth a requirement for using the Certificate Service?

No, but we are investigating using federated identity management to simplify access to the InCommon Not at the moment, but you will find it much more secure and convenient to take advantage the SSO/MFA feature for accessing the Certificate Manager (CM).

Why is InCommon membership required for participation?


  1. SSL/TLS Certificates
    1. Organizational Validation (OV) SSL/TLS Certificates
      • includes wild-card certificates
    2. Extended Validation (EV) SSL/TLS Certificates
      • issued directly by Comodo and subject to Comodo's domain vetting processes, terms and conditions, and CPS, but at no extra charge beyond the base InCommon certificate service fee
  2. Client Certificates
    1. Standard Assurance Client Certificates
      • three key usage types: signing-only, encryption-only, and dual-use
      • a centralized key escrow service is available at no extra charge
    2. Code-signing Certificates
    3. not yet available

Are there 1024-bit certificates? What about my current 1024-bit certs?

For security reasons, we no longer issue certificates with 1024-bit keys. Comodo will no longer accept Certificate Signing Requests generated with keys of less than 2048 bits. Existing 1024-key certificates may be used until they expire (but at your own risk of course).

Can I have my own private label CA?

Yes, private label CAs for user certificates are available under our agreement with Comodo. Intermediate CAs are hosted by Comodo, but with campus-specific names, profiles, and practice statements (if desired).  They are available to subscribers who desire this functionality for an additional cost.  The fees for this service are $3500 for the first year and $2400 in subsequent years.


This functionality is anticipated for a later release of the program based upon demand from the InCommon community. Our agreement with Comodo allows for cross-signing of other CAs at an additional cost.

Can I use single sign-on to access the Comodo Certificate Manager?

Yes, if your organization has an identity provider in the InCommon Federation (you can check here), then your RAOs and DRAOs can use SSO.  In addition, Multifactor Authentication is required for RAOs to use SSO.

Questions about SSL/TLS Certificates