SSL certificates for the ucsb.edu domain and subdomains are managed by the Security Operations Center ("SOC") and issued by Sectigo (formerly Comodo) CA through a subscription with InCommon Federation: https://www.incommon.org/certificates/.
The SOC may delegate the management of a subdomain to an organizational unit ("Department") for the purpose of independent management (request/issuance/revocation) of SSL certificates in that subdomain.
Certificate management is performed on the vendor site: https://cert-manager.com/customer/InCommon.
The Department will request SSL certificate management permission through this web form. The Department head must name all proposed delegated managers; up to four delegated managers may be proposed for a Department, each of whom must be a career employee.
The SOC reserves the right to refuse any proposed designee.
If approved, the SOC will create a Department within the InCommon Certificate Manager web interface and associate it with any approved Department subdomain(s). The defined Department will have permission to issue certificates only for the subdomain(s) specified for that Department.
The SOC will create an Administrator within the InCommon Certificate Manager web interface and assign a Department Registration Authority Officer (DRAO) role within the InCommon Certificate Manager for each Department-assigned administrator. Initial login credentials will be shared with each administrator, along with basic training on how to issue certificates.
No Wildcard SSL certificates are to be issued by the Department.
No Code-Signing certificates are to be issued by the Department.
The Department head is responsible for notifying the UCSB SOC via email at email@example.com when a departmental DRAO leaves so that the user's access may be revoked.
A Department's acceptance of delegation constitutes agreement to the above terms. Failure to follow terms may result in termination of delegation privileges.
By requesting delegation the Department head agrees to assume responsibility for ensuring the security of the certificate issuance process for the associated subdomains.