1.0 Purpose

Instructional and Campus Technology offers centrally funded SSL server certificates through the InCommon Digital Certificate service. The InCommon higher education federation has contracted with Comodo to provide a range of SSL options for its members (www.incommonfederation.org). The service is available at no cost to Elon departments. The goal of the service is to promote the use of SSL where appropriate and to streamline and expedite the process of obtaining a certificate.
Secure Sockets Layer (SSL) is a cryptographic protocol that provides communication security over the internet. SSL allows client-server applications to communicate across a network in a way designed to prevent eavesdropping, tampering or message forgery; in short, it encrypts communication between the client and the server.

2.0 Scope

The audience for this policy is managers, administrators and/or technical staff that are responsible for University systems, applications, appliances, and sites that utilize SSL/TLS as any part of a Public Key Infrastructure (PKI) framework.

3.0 Definitions

Certificate, also Digital Certificate: An electronic document used to bind together a public key with an identity.
HTTPS: A combination of the Hypertext Transfer Protocol (HTTP) with the SSL/TLS protocol to provide encryption and secure identification of the server.
Public Key Infrastructure (PKI): A set of hardware, software, people, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates.
SSL/TLS, also Secure Sockets Layer and Transport Layer Security: Protocols used to authenticate servers and clients and to encrypt messages between the authenticated parties.

4.0 Policy

Any University system, application, appliance or site that uses the Login or username/password combination for purposes of authentication or that transmits/receives classified data is required to:

  1. Employ Secure Sockets Layer (SSL), Transport Layer Security (TLS) or their equivalent cryptographic protocols for authenticating and establishing identities, and maintaining encrypted communications channels between endpoints; and
  2. Use a Hypertext Transfer Protocol Secure (HTTPS) connection based on server-side SSL certificates signed by a recommended trusted third-party certificate provider (InCommon higher education federation).