Main Nav

A few months ago I posted a request asking about certificate management practices from those schools who were enrolled in the InCommon certificate service. Today I'm asking if any one using that service is issuing personal certificates? If so, do you require an additional level of vetting? What are people using the personal certs for (non-repudiation, integrity assurance, encryption, authentication)? And finally, how might these personal certs differ from the Free Secure Email Certificates that Comodo is offering to the general public ( Feel free to reply off list is you prefer (, and I'll be happy to compile and anonymize answers for a summary posting to the list. -- Martin Manjak CISSP, GIAC GSEC-G Information Security Officer University at Albany MSC 209 518/437-3813 The University at Albany will never ask you to reveal your password. Please ignore all such requests.


Message from

Hi Martin: We are using it - this is a relatively new service for us. We vet via our Central Login Service for the personal certs and then have a stronger vetting process for the server certs. - Kevin Kevin L. McLaughlin,  CISM, CISSP, GIAC-GSLC, CRISC, PMP, ITIL Master Certified Assistant Vice President, Information Security & Special Projects University of Cincinnati 513-556-9177   The University of Cincinnati is one of America's top public research institutions and one of the region's largest employers, with a student population of more than 42,700.