Environment
Web Hosting, InCommon Certificates, Web Application Sign Up (WASUP), Automatic Certificate Management Environment (ACME), InCommon Certificate Manager (ICM)
Issue
ITS facilitates the process for U-M units and individuals to get InCommon server certificates. Managing InCommon certificates is an ongoing process of requesting new certificates and renewing them each year before they expire.
Resolution
The following options are not mutually exclusive. A unit may use ACME for some certificates and the ICM web app for others.
- ACME for automating renewals (recommended for all units): To prevent a certificate from expiring inadvertently, ITS recommends that you implement the Automatic Certificate Management Environment (ACME) protocol to automate the renewal process between the certificate authority and your web servers.
- InCommon Certificate Manager (ICM) for self-managed requests: Units that manage more than 20 certificates and have two full-time IT staff (who are responsible for their unit’s certificate management) can use the InCommon Certificate Manager (ICM) to directly request and renew InCommon certificates.
For more information on each of these, see https://its.umich.edu/computing/web-mobile/certificate-services. That page includes links to the TeamDynamix forms for requesting the above services.
ITS recommends ACME over ICM. Those currently using WASUP or ICM should consider starting the switch to ACME now in order to automate certificate renewals. The worldwide CA/Browser (CA/B) Forum announced that it will be reducing the maximum lifetimes for server certificates in order to improve website security, which means certificates will need to be renewed more often. See InCommon Certificate Service for more information about this change.
Additional Information
Need additional information or assistance? Contact the ITS Service Center.