Download the complete service offering
1. Description of Service
The Information Technology Division (ITD) provides reliable and secure centrally managed SSL Certificate Management. MassIT purchases a block of 128 bit, 1 year validity period SSL server certificates from VeriSign. The customer's security administrator generates a certificate request and uses the VeriSign/Commonwealth Certificate Enrollment portal to request a certificate. The security administrator receives the certificate via email.
Secure Sockets Layer (SSL) technology protects a website and makes it easy for website visitors to trust the site in three essential ways:
- An SSL Certificate enables encryption of sensitive information during online transactions.
- Each SSL Certificate contains unique, authenticated information about the certificate owner.
- A Certificate Authority verifies the identity of the certificate owner when it is issued.
This service includes:
- Approve the issuance of a new certificate.
- Change a certificate's challenge phrase and/or administrator's email address.
- Revoke a certificate.
- Reissue a certificate.
- Two levels of certificates: standard 40bit and premium 128bit.
Support services include:
- A Service Account Manager to answer any questions or concerns regarding MassIT Services.
- Services offered through our Operations Office; including Change Management and customer access to incident management via email, phone (CommonHelp).
- The online COMiT service management portal .
- MassIT's Chargeback Billing System.
- For additional Security support services see Security Information Services.
2. Service Targets and Metrics
|Incident Management *||MassIT Service Management Office has standard processes to manage incidents, requests, or changes.|
Outages or urgent issues should be reported by phone to receive the quickest response 1-866-888-2808.
|Request Fulfillment||Staff will respond to service requests 6:00 am - 5:00 pm Monday through Friday.|
|Not available at this time|
|Not available at this time|
3. Service Reporting
The following reporting information is provided to customers as part of this service:
|Notice of Expiration||Email is sent to email address(es) entered during the enrollment process.||30 and 7 days prior to expiration|
4. Service Requests
|COMiT Service Requests*||Description||Lead Time-Business Days|
|Request New SSL Certificate||This is to request a new SSL Certificate. SSL certificates can be issued for one year. MassIT purchases SSL certificates from VeriSign. Agencies requiring a new certificate will be directed to a VeriSign website dedicated to the Commonwealth to request a certificate. Only the agency security administrator can manage these certificates.|
|Renew an Existing SSL Certificate|
This request is to renew an existing SSL certificate that is expiring. MassIT purchases SSL certificates from VeriSign. Agencies renewing a certificate will be directed to a VeriSign website dedicated to the Commonwealth. Only the agency security administrator can manage these certificates.
|Submit an Issue with Current SSL Certificate Service||This request is for assistance with a SSL certificate issue. MassIT purchases SSL certificates from VeriSign. Agencies having issues with a certificate will be directed to a VeriSign website dedicated to the Commonwealth. Only the agency security administrator can manage these certificates.|
**When a customer requests a new or renewed certificate, a BAR (Business Application Request) listing certificate costs must be approved and processed before the service request can be completed.
*For new service requests only. To manage existing requests, please log into COMiT.
5. Customer Responsibilities
The customer will submit requests for certificates through the Verisign/Commonwealth Certificate Enrollment portal and notify MassIT when a certificate should be revoked.
For your convenience, you may view a detailed list of customer responsibilities .
6. Chargeback Rate Information
For more information on Chargeback, including an overview of the program as well as current and previous fiscal year rates, please visit our Chargeback Services webpage.
Costs for certificates are charged directly to customers. Maximum costs for a standard certificate is $221.19 and a premium certificate is $542. MassIT purchases certificates in bulk in order to obtain the lowest cost at the time of purchase, therefore, final costs to customers may be lower.
Reviewed August 14, 2014
Updated August 14, 2014
Published August 14, 2009
Created April 6, 2009: Information provided by the Security Office