Page tree

Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Reverted from v. 15


Although unlimited client certificates are available to all subscribers of the InCommon Certificate Service at no extra charge, a new or existing subscriber explicitly chooses whether or not to issue client certificates. This choice may be made at any time. Before client certificates can be issued, the subscriber's Executive contact must complete and submit this online application form.

Questions? Please send email to

... with "Client Certificate Question" in the subject line.


subjectClient Cert Application
subjecthiddenSubjectClient Certificate Application

User email$

Name of Applying Organization:width:500pxOrganization_Nametexttrue

Name(s) of RAO
Please provide the name of one or more RAOs to manage client certificates at your institution. Please note: These should be the same RAOs that manage your SSL and other certificates. An institution can register a maximum of three RAOs total, not three per certificate type.

RAO #1:width:500pxRAO1texttrue
RAO #2:width:500pxRAO2textfalse
RAO #3:width:500pxRAO3textfalse

Key Escrow
Please note: We strongly encourage you to visit our wiki and read the sections on .

If your organization was created prior to 8 March 2011, Key Escrow for the top level of your Organization was enabled by default. In this case, we will contact the first RAO you list above about creating and taking possession of your organization's master private key for Key Escrow. The master private key is the sole means of decrypting the database of escrowed user private keys. Esccrow may be turned off at the department level.

All organizations created after 8 March 2011 have Key Escrow turned off at the top level, but RAOs may still enable key escrow for new departments if they wish. Our wiki has further .

The decision about key escrow is final and cannot be subsequently modified.

Applicant Information
Please tell us who you are.

First Name: Your first namewidth:300pxFirst_Nametexttrue
Last Name: Your last namewidth:300pxLast_Nametexttrue
Email: Your email addresswidth:300pxemailtexttrueemail
Your Position/Title:width:500pxtitletexttrue
Phone: Your phone number (during business hours)width:500pxphonetexttrue Submitter: width:500pxsubmittertexttrue


The following is a true statementpolicy_confirmationcheckboxYestrue

I am aware that our organization's use of this new class of certificate — Client certificates — client certificates must comply with InCommon's relevant certification policies and our participation agreement and related certificate addenda.


Press the "Submit Application" button to send the completed application form to InCommon staff for further processing. You will receive a copy via email.

Submit Applicationtrue

wikiApplication Accepted!

Thank you for submitting your request to enable client certificates for your organization.