Upgrade to InCommon Certificate Manager Coming April 27, 2013
An upgrade to the InCommon Certificate Manager (CM) has been scheduled for Saturday, April 27, 2013, from 3:00 AM EDT through 7:00 AM EDT. The CM will be completely unavailable during this time (a period of time when few InCommon sites normally request certificates). Please plan to request new certificates prior to the maintenance period, or you'll need to wait until after the maintenance has completed to do so.
This scheduled maintenance will only affect the Certificate Manager interface, which is used by RAOs and DRAOs to request certificates. The Comodo root CA, the InCommon intermediate CA, and all other critical certificate-related services will continue to be available without interruption. If you need emergency access to certificate management functionality, or if you have any questions or concerns, please contact Comodo Technical Support as indicated on the InCommon web site.
This upgrade will add several new features and enhance the look and feel of the CM. Some of the major benefits of this upgrade include:
- Enhanced Certificate Discovery Scanning (which helps sites find systems on their network that have SSL web certificates installed)
- Remote certificate lifecycle management for Microsoft IIS 5.x - 7.x and Apache2 for UNIX-like systems
- Domain Control Validation
The most important of these new features is Domain Control Validation (DCV). As you know, Comodo and InCommon have an obligation to issue certificates only for domains that the customer controls. Currently sites demonstrate that control by creating an InCommon-specified CNAME in the DNS, a record that then gets validated by InCommon as proof that you control the specified domain.
Once DCV has been enabled, you will be able to verify a domain via any of three methods:
- CNAME (create a specified DNS entry, as you have previously done with InCommon)
- Email (pick from one of a small list of administrative email addresses acceptable under the CAB Forum requirements,
then click on a link sent to that email address) - HTTP (create a file with a specified name/location on a web server running on the domain name)
These three methods are described in detail in the documents referenced below.
Once you do DCV verification for a domain, in keeping with industry-wide CAB Forum requirements, that verification will be valid for up to 12 months, during which time you will not need to re-verify your control over that domain.
ALL CURRENTLY VERIFIED DOMAINS will be grandfathered in for the first year, and will not need to be DCV reverified until 12 months from now.
For more information on DCV, please visit this Comodo Knowledgebase article
Updated documentation for the new version of the Certificate Manager is available online at the InCommon web site:
- InCommon Certificate Manager, version 4.0, Administrator Guide, 27 February 2013
- Domain Control Validation (DCV) Supplement, 27 February 2013
- Table of Changes in the CM from v 2.11 to 1 March 2013 (v. 4.0) version
- CM Administrator Guide DIFF between 27 January 2012 (v 2.8.24) and 1 March 2013 (v. 4.0)