InCommon Certificates & Unit Responsibilities

ITS facilitates the process for U-M units and individuals to get InCommon server certificates.

Units are responsible for the ongoing process of managing their InCommon certificates, which includes certificate renewals and installations. The following tools are provided to units and have unit-specific responsibilities.

Tool Unit Responsibilities
ACME for automating renewals (recommended for all units)

To prevent a certificate from expiring inadvertently, units can use the ACME protocol to automate the renewal process between the certificate authority and web servers or other services that require certificates. This requires the unit to:

  1. Set up an enrollment account.
  2. Download and install ACME client software.
  3. Configure the ACME client software

See Use ACME to Automate Renewals of InCommon Certificates for the detailed steps.

Web Application Sign Up (WASUP) for ITS-managed requests

Units can use WASUP to request an InCommon certificate. To use WASUP, units first need to:

  1. Generate a certificate signing request (CSR) by following their servers’ instructions.
  2. Identify a six-digit university Shortcode and the name of the authorized signer in order to complete a request. Although a Shortcode is required, accounts are not billed.

After using WASUP to request an InCommon certificate, units are responsible for:

  1. Installing the certificates on their servers.
  2. Renewing the certificate annually.
InCommon Manager (ICM) for self-managed requests

Units that manage more than 20 certificates and that have two full-time IT staff (who are responsible for their unit’s certificate management) can use the InCommon Manager (ICM) to directly request and renew InCommon certificates.

  1. Submit a request to ITS to set up an InCommon account.
  2. Use ICM to request a certificate.
  3. Download the certificate.
  4. Install the certificate.

See Use InCommon Manager (ICM) to Request or Renew Certificates for the detailed steps.