Digital Certificates

Request Service Digital Certificates

Service Level Agreement

Information Technology Services
The University of Texas at Austin
Effective Date: 7/1/2008
Last Edited 09/26/2008

Score

Rate Service

Customer Satisfaction Score Customer rating bar graph of 2.9

2.9

Overview

The Digital Certificates service allows University of Texas at Austin faculty and staff to acquire X.509 compatible certificates for digital signing and encryption. A Web site including an overview of digital certificates, instructions for new users, and help with revocation and recovery of certificates is available at ITS Web site for the Digital Certificates service.

Review Process

This document defines the practices that Information Technology Services (ITS) will use for the Digital Certificates service. The details of this document may be reviewed and amended as required, or at least annually, to accurately reflect business and service needs.

Time Conventions

Unless otherwise indicated, business hours are from 8 AM to 5 PM, Monday through Friday, excluding holidays and reduced schedule days.

Scope

The following user communities at the university are the intended recipients for the Digital Certificates service: faculty and staff.

Service Criticality

This service has been identified as Important, based on the ITS Critical Services Assessment Criteria. Please refer to the Critical Services Assessment Criteria for more information on the assessment methodology.

Service Description

Digital Certificates include:

Online key issuance and revocation/recovery management
Dual-key digital certificate signed by VeriSign for use with encryption and signing

Digital Certificates allow users to exchange information securely via e-mail as well as employ certificate-based encryption. The service does not provide the mechanisms to use the certificates directly. Instead, it is the information used by applications to ensure that data is secure and authentic.

Supported Computing Environment

Currently, the Digital Certificates service is supported in two modes: issuance and use.
Issuance
Internet Explorer 6 and 7 are supported on the Windows 2003, Windows XP, and Windows Vista operating systems.
Firefox is supported on the Windows XP, Windows Vista, Mac OS X 10.4+, and Linux operating systems.
Safari is not supported at this time.
Use
For use, ITS does not provide a definitive list of approved applications for use with Digital Certificates. Examples of tested configurations include:
Email signing and encryption: Outlook 2003, Outlook 2007, Entourage 2004, Mac Mail, Outlook Web Access, Thunderbird.
For the latest information on tested systems and a complete list of supported procedures, refer to the ITS Web site for the Digital Certificates service.
For the latest information on tested systems and a complete list of supported procedures, refer to the ITS Web site: http://www.utexas.edu/its/user-certs.

Technical Support

Technical support, assistance with downloading and installing digital certificates, problem report/resolution, and requests for recovery or revocation are outlined below. End users always start with Tier 1, which is basic support. Tier 2 is the second support level and is reserved for more complex issues. Departmental desktop support staff and the ITS Help Desk may escalate issues to Tier 2.
End users always start with Tier 1, which is basic support. Tier 2 is the second support level and is reserved for more complex issues. Departmental desktop support staff and the ITS Help Desk may escalate issues to Tier 2.

Tier 1 Support

If the department has desktop support staff, these individuals offer Tier 1 support for end-user problems in their departments.
If a department does not have desktop support staff, the ITS Help Desk offers Tier 1 support for end-user problems during business hours.

-* http://www.utexas.edu/its/help
-* 512-475-9400

The ITS Help Desk also offers assistance with Technical Resource Account Control (TRAC) which gives departments online control of ITS service subscriptions. Digital Certificate issuance begins with authorization for a certificate in the TRAC system.

Tier 2 Support

Tier 2 support is accessed through the Help Desk by both departmental desktop support staff and end users that do not have designated help staff.
Windows Enterprise Services (WES) provides Tier 2 support.
Tier 2 support is available 8:00 a.m. to 5:00 PM, Monday through Friday, excluding holidays and reduced schedule days.
Requests are typically responded to within one business day.

Special Support

Recovery and Revocation Support:

The Information Security Office, in partnership with WES, provides recovery and revocation support. Instructions can be found at the following URL: http://www.utexas.edu/its/user-certs/answers/recover.php .
Recovery and revocation support is available 8:00 a.m. to 5:00 p.m., Monday through Friday, excluding holidays and reduced schedule days.
Requests are typically responded to within one business day.
Only encryption certificates can be recovered. Signing certificates are not recoverable.
Additional information concerning Digital Certificates and their support can be found in the online documentation at: ITS Web site for the Digital Certificates service.

Service Availability

This section provides information about the normal schedule of times when the service is available, the times specified for scheduled maintenance, and defines expectations for reporting service problems and changes.

Normal Service Availability

The Digital Certificates issuance Web site is designed to be available for customer use 24 hours-per-day, seven days-per-week, 365 days-per-year (24x7x365), excluding scheduled maintenance times. The TRAC Web site is also designed to be available (24x7x365). TRAC availability is limited only by the working hours of departmental account sponsor.
Once an individual has claimed a digital certificate, hours available for use are limited only by technical issues with the individual's computer.

Scheduled Maintenance

Scheduled maintenance for the Digital Certificates service is essential for upgrades and to maintain security, and may occur weekly on Sundays from midnight until six AM.

Problem Reporting and Change Notification

ITS will notify customers using the ITS Services Status page of service availability and service delivery issues for the Digital Certificates. To the maximum extent possible, installation of service, application, and security updates will be performed during scheduled maintenance.

Key Service Indicators

List of Metrics/Measures

WES will measure the ease of acquiring a certificate in the following way:

The actual number of Digital Certificates issued, as shown in the VeriSign SQL database, compared to the number of people who push the "Submit" button on the Web site to generate a certificate. (Digital Certificates issued/Push count for the "Submit" button.) The goal is 80%.

The Help Desk will measure the ease of use of service in the following way:

The number of support calls within a month for Digital Certificates compared to the number of certificates issued. (Support Calls/Number of Certificates) The goal is a range of 10 - 20% of Digital Certificates will need support.

The Help Desk will measure its responsiveness to Digital Certificate issues as follows:

Turnaround time for subscribers to receive resolution for Digital Certificate issues reported to the Help Desk. The goal is a between one to two days.

Dependencies

Certificate issuance is dependent upon Web Central, TRAC, University Data Center power, the network, and related systems. The availability of these services will have a direct impact on the availability of the Digital Certificates issuance Web site.

Service Report Card

ITS will publish performance for this service in the public ITS Services Report Card.

Other Party Responsibilities

In addition to the services provided by ITS, subscribers (users) of the service and identified owners/administrators agree to certain important responsibilities. All parties agree to be aware of and adhere to the university's Acceptable Use Policy.

User/Subscriber Responsibilities

Be aware of and adhere to UT System policies regarding Category-I data storage on portable computing devices http://utsystem.edu/ciso/SPB1.pdf .
Be aware of and adhere to the university's Acceptable Use Policy at http://www.utexas.edu/vp/it/policies/aup/ .
Read the Digital Certificates documentation at ITS Web site for the Digital Certificates service.
Follow the directions for requesting and downloading certificates described on the Web site.
Subscribers (end users) may back up their own signing key in a secure location (e.g., encrypted on a CD and in a locked drawer or safe etc.).
Provide contact information for your department desktop support staff (if applicable) as requested by ITS for support.
Provide critical information to ITS in a timely manner when requested for purposes of resolving subscriber issues.

Departmental IT Support Staff

Be aware of and adhere to UT System policies regarding Category-I data storage on portable computing devices at http://utsystem.edu/ciso/SPB1.pdf.
Be aware of and adhere to the university's Acceptable Use Policy at http://www.utexas.edu/vp/it/policies/aup/ .
Assume responsibility for keeping contact information for their department's desktop support staff current and ensure that there are adequate backups.
Do not back up signing keys.
Read the Digital Certificates documentation at ITS Web site for the Digital Certificates service.

Cost of Service

Currently, Digital Certificates are centrally funded for the 2007-2008 and 2008-2009 fiscal years. They are provided to faculty and staff at no cost.

Trouble viewing the documents available on this page? Download the Adobe PDF Reader.