Who needs a Client Certificate (aka Digital Certificate)?

Individuals who process or work with sensitive data are the ideal candidates for a client certificate, which ensures that data transmitted via email or other means is encrypted to prevent accidental disclosure. These are high-level guidelines and provide only a broad outline of likely users. Consult with your desktop support staff or the Information Security Office if you have questions.

Examples:

  • Researchers who have human subject information.

  • Medical Staff who deal with HIPAA information.

  • Faculty members who work with student information, aka FERPA.

  • Any Faculty or Staff who wishes to email CATEGORY I data to their colleagues or others.

  • Anyone who wants recipients to be able to verify that an email was sent by them from their legitimate email account.

See the Extended List of Category-I Data for examples of what constitutes Category-I data.

Need a client certificate?

Follow the link below for instructions and the steps necessary to complete the request and install the certificate after it has been issued.

Requesting and Installing Client Certificate: https://cloud.wikis.utexas.edu/wiki/spaces/digitalcertificates/pages/39224176/DC+Request+and+Installation

Client/Digital Certificate Caveats

Important facts regarding Client/Digital certificates:

  • Available only to faculty and staff. Student use may be considered in the future.

  • The certificate is only valid for three (3) years. After that, a new or renewed certificate must be requested. It is highly recommended that you request and obtain a new certificate before the previous one expires.

  • Certificates are for use by individuals. Role-based certificates are not supported.
    This means that the name on a certificate is an individual name rather than a title, such as President, Provost, Professor, etc.

  • These are for individual use and cannot be used on a server. Please see (DC) SSL Certificates.

  • Certificates are not built into any Web or token-based authentication methods offered by ITS on campus at this time.

What is a digital certificate?

A digital certificate is a pair of files on your computer that you can use to create the digital equivalent of handwritten signatures and sealed envelopes. Each pair of files is divided into two parts: the public key and the private key. The public key is the portion that is shared; the private key is the portion that you, and only you, should have access to. Your computer and programs understand how to share only the public portion of your keys so that others can see them, while still keeping your private keys secure.

For example, when sending an email message, you can digitally sign the message by attaching your digital certificate. Once they receive the message, recipients can verify that it came from you by viewing the small attachment on the email, which contains your public key information.  Depending on the email client, it may be represented as an attachment, or displayed in the header. This protects you from people who might try to "spoof" an email that looks like it came from you but is really sent from a different email account.

You can also use digital certificates to electronically sign documents. This is one reason why it is extremely important to protect the private key portions of your certificate files and never share them. You could be legally bound to something, and it would be extremely difficult to prove that it wasn't you who digitally signed the message.

When you encrypt a message, you create the equivalent of a sealed envelope so that only you and the recipient can see the message. Normally, when you send an email message, it is the electronic equivalent of a postcard—anyone who has access to the network between you and the recipient can potentially read that postcard. With the encryption offered by the digital certificates, you can avoid this problem. In the case of encryption, you use the recipient's public key, which is easy to find using the university's directory, to encrypt the message. Only the recipient has the private key that allows the message to be decoded.

The digital certificates that are available from ITS are issued by an independent, recognized and mutually trusted third party that guarantees that the certificate is valid, and therefore guarantees that you can trust it. This third party is known as a certificate authority. The university has chosen the InCommon Federation, which uses Comodo Ltd., as its certificate authority.

SUMMARY
Security provided by certificates

  • Identification / Authentication:
    The persons / entities with whom we are communicating are really who they say they are.

  • Confidentiality:
    The information within the message or transaction is kept confidential. It may only be read and understood by the intended sender and receiver.

  • Integrity:
    The information within the message or transaction is not tampered with, accidentally or deliberately, en route without all parties involved being aware of the tampering.

  • Non-Repudiation:
    The sender cannot deny sending the message or transaction, and the receiver cannot deny receiving it.

  • Access Control:
    Access to the protected information is only realized by the intended person or entity.

All the above security properties can be achieved and implemented through the use of Public Key Infrastructure (aka Digital Certificates).

What makes up a digital certificate?

The electronic files that comprise the digital certificate contain:

  1. The person's name

  2. An email address

  3. A serial number

  4. A public key

  5. An expiration date

  6. A digital signature
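
The signing, verification and encryption steps described above, together with the certificate fields listed in this section, as an added example (not part of the original page and not ITS tooling). It uses the `openssl` command line with a constructed throwaway key and self-signed certificate standing in for a CA-issued one, and the same certificate plays both sender and recipient; the name, email address and file names are assumptions.

```shell
#!/bin/sh
# Constructed demo: a throwaway key pair and self-signed certificate stand in
# for a CA-issued client certificate. Name, email and file names are assumptions.
work=$(mktemp -d)
key="$work/key.pem"; cert="$work/cert.pem"; msg="$work/msg.txt"
printf 'Please wire 100 dollars.\n' > "$msg"

make_cert() {   # private key stays in $key; the certificate carries the public key
  openssl req -x509 -newkey rsa:2048 -nodes -days 1095 \
    -subj "/CN=Example Person/emailAddress=person@example.edu" \
    -keyout "$key" -out "$cert" 2>/dev/null
}

cert_fields() { # name, email, serial number and expiration date from the certificate
  openssl x509 -in "$cert" -noout -subject -email -serial -enddate
}

expires_within_days() { # exit 0 if the certificate expires within $1 days
  ! openssl x509 -in "$cert" -noout -checkend $(( $1 * 86400 )) >/dev/null
}

sign_msg() {    # signing needs the sender's private key
  openssl smime -sign -text -in "$msg" -signer "$cert" -inkey "$key" \
    -out "$work/signed.eml" 2>/dev/null
}

verify_msg() {  # verification needs only the sender's certificate (public key)
  openssl smime -verify -in "$1" -CAfile "$cert" -out /dev/null 2>/dev/null
}

encrypt_msg() { # encryption needs only the recipient's certificate
  openssl smime -encrypt -aes256 -in "$msg" -out "$work/enc.eml" "$cert"
}

decrypt_msg() { # decryption needs the recipient's private key
  openssl smime -decrypt -in "$work/enc.eml" -recip "$cert" -inkey "$key" | tr -d '\r'
}

make_cert && cert_fields
expires_within_days 90 && echo "renew soon" || echo "not due for renewal"
sign_msg
sed 's/wire 100/wire 900/' "$work/signed.eml" > "$work/tampered.eml"
verify_msg "$work/signed.eml"   && echo "signature valid"
verify_msg "$work/tampered.eml" || echo "tampered message rejected"
encrypt_msg && decrypt_msg
```

The tampered copy fails verification because the signature covers the message body, which is the integrity property listed in the summary above.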

When you download a digital certificate, you will receive both public and private keys. The public keys are the ones that you will use to sign and encrypt emails. The private keys are the ones that will be stored on your computer. You should never share the private key(s).