SSL, TLS, and X.509 certificates are digital certificates that authenticate a system’s identity and enable an encrypted connection. “Systems” include websites, network appliances, printers, copiers, scientific instrumentation, video conferencing, servers (including directory servers, mail servers, and file servers, and more).
The different types of certificates and their uses are:
- InCommon Server. Use for servers, services, and devices that are accessed by people.
- InCommon Client. Use for authenticating web browsers and/or users to services as a form of Multi-Factor Authentication. Can be used to encrypt email, but ITS strongly recommends using Virtru instead.
- InCommon Code Signing. Use to sign software.
- Active Directory. Internally used by U-M servers and computers that are members of the university’s Active Directory domain.
For more information and links to resources, see:
- InCommon Certificate Service
InCommon Certificates (2048-bit) are available to members of the U-M community for U-M use at no cost. Rather than obtaining a per-certificate discounted price, the InCommon Federation negotiated a flat annual rate for obtaining unlimited SSL certificates. The University of Michigan participates in this arrangement.
- Active Directory (UMROOT) Certificates
University Windows computers will trust Active Directory automatically, so this certificate is primarily of concern to Linux systems that authenticate against Active Directory.