Division of IT: Security

Secure Sockets Layer (SSL) Certificates

When a browser operates in secure mode, the information that is being transferred is encrypted. Encryption prevents anyone except the actual sender or receiver and the server from viewing the information. This involves a process called Secure Sockets Layer (SSL).

To ensure the SSL connection is made to the intended server, certificates are used. The secure server and browser exchange certificate information when a connection is established. You should use a SSL certificate to secure the interactions with your webserver if you are requiring user authentication or storing, transmitting or displaying any Data Classification Level 2, 3 or 4 data. Examples would be any proprietary business data or FERPA/HIPAA-protected information, monetary transactions or anything requiring authentication.

Most browsers come pre-loaded with trusted certificate authorities, allowing a secure web page to automatically load. If the SSL certificate is not in the browser's pre-loaded list, a root certificate must be downloaded to identify the certificate as a trusted source.

InCommon SSL Certificate Service

The Division of IT issues certificates from the InCommon Certificate Service. These are commercial certificates issued by the Comodo Certificate Authority. The InCommon certificates have a root certificate from Comodo's AddTrust External CA Root. This certificate is installed in the pre-loaded trusted certificate authority stores for over 99% of browsers.

Fees

InCommon certificates offered by the Division of IT are free of charge to MU and UM departments.

Availability

Request InCommon certificates online by completing the InCommon Certificate Enrollment Form. A valid MU PawPrint and password are required to request a certificate.

Questions

Send questions or comments to isam@missouri.edu