Client Certificate Information

Summary

UB issues no-fee escrowed client (i.e. personal, email, etc.) certificates to current employees in and only in the domain Buffalo.EDU via InCommon. We also issue client certificates for non-persons (email aliases) to departments upon approval by the CIO.

Usage

Client certificates are used to

Signing is this most common usage but secure communication of sensitive information using an insecure channel (e.g. email) is an important use. Note that an encrypted conversation requires that all parties have a client certificate.

Management

Signing uses your current private key and verification uses your current public key. If signed text is verified proximate to sending, certificate renewal does not complicate this process. Encryption is more complex. Each client certificate has a unique key-pair so an encrypted message can only be decrypted with the key-pair used for encryption. Since reading encrypted text at some future time may require a key-pair that has been replaced it's advised to archive encrypted messages in secure, encrypted storage outside the mail system. Otherwise all key-pairs will need to be retained for an indefinite period.

Retrieving your certificate

You will receive an email from <support@cert-manager.com> similar to that shown below. 

From: Certificate Services Manager  
To: Victor E. Bull 
Subject: Invitation Email - You have requested email certificate validation.

Dear Victor E. Bull,

You now need to complete the following steps:

    * Click the following link to validate your email https://cert-manager.com/ ...
      (if the link doesn't work please copy request code ...
      Your request code: ...
    * Type in a PIN to protect your email certificate
    * Click 'Download' to collect your certificate.
      You should save this file to a safe place on your hard drive.
    * Import your new certificate into your email client and/or internet browser.