Download the complete service offering doc format of certificate_management_services_definition.doc

 

 

1. Description of Service

The Information Technology Division (ITD) provides reliable and secure centrally managed SSL Certificate Management. MassIT purchases a block of 128 bit, 1 year validity period SSL server certificates from VeriSign. The customer's security administrator generates a certificate request and uses the VeriSign/Commonwealth Certificate Enrollment portal to request a certificate. The security administrator receives the certificate via email.

Secure Sockets Layer (SSL) technology protects a website and makes it easy for website visitors to trust the site in three essential ways:

  • An SSL Certificate enables encryption of sensitive information during online transactions.
  • Each SSL Certificate contains unique, authenticated information about the certificate owner.
  • A Certificate Authority verifies the identity of the certificate owner when it is issued.
This service includes:
  • Approve the issuance of a new certificate.
  • Change a certificate's challenge phrase and/or administrator's email address.
  • Revoke a certificate.
  • Reissue a certificate.
  • Two levels of certificates: standard 40bit and premium 128bit.
Support services include:

 

 

2. Service Targets and Metrics

Targets

Service Requirement

Description

Incident Management *MassIT Service Management Office has standard processes to manage incidents, requests, or changes.
Outages or urgent issues should be reported by phone to receive the quickest response 1-866-888-2808.
Request FulfillmentStaff will respond to service requests 6:00 am - 5:00 pm Monday through Friday.

 

Metrics

Performance

Description

Measurements

Not available at this time  

Availability

Description

Measurements

Not available at this time  

 

 

3. Service Reporting

The following reporting information is provided to customers as part of this service:

Report

Description

Reporting Interval

Notice of ExpirationEmail is sent to email address(es) entered during the enrollment process.30 and 7 days prior to expiration

 

 

 

4. Service Requests

COMiT Service Requests* DescriptionLead Time-Business Days
Request New SSL CertificateThis is to request a new SSL Certificate. SSL certificates can be issued for one year. MassIT purchases SSL certificates from VeriSign. Agencies requiring a new certificate will be directed to a VeriSign website dedicated to the Commonwealth to request a certificate. Only the agency security administrator can manage these certificates.

5 Days**
Renew an Existing SSL Certificate

This request is to renew an existing SSL certificate that is expiring. MassIT purchases SSL certificates from VeriSign. Agencies renewing a certificate will be directed to a VeriSign website dedicated to the Commonwealth. Only the agency security administrator can manage these certificates.

 

 


5 Days**

Submit an Issue with Current SSL Certificate ServiceThis request is for assistance with a SSL certificate issue. MassIT purchases SSL certificates from VeriSign. Agencies having issues with a certificate will be directed to a VeriSign website dedicated to the Commonwealth. Only the agency security administrator can manage these certificates.  


5 Days

**When a customer requests a new or renewed certificate, a BAR (Business Application Request) listing certificate costs must be approved and processed before the service request can be completed.

*For new service requests only. To manage existing requests, please log into COMiT.

 

 

 

5. Customer Responsibilities

The customer will submit requests for certificates through the Verisign/Commonwealth Certificate Enrollment portal and notify MassIT when a certificate should be revoked.

For your convenience, you may view a detailed list of customer responsibilities doc format of certificate_management_services_definition.doc
.

 

 

 

6. Chargeback Rate Information

For more information on Chargeback, including an overview of the program as well as current and previous fiscal year rates, please visit our Chargeback Services webpage.

Costs for certificates are charged directly to customers. Maximum costs for a standard certificate is $221.19 and a premium certificate is $542. MassIT purchases certificates in bulk in order to obtain the lowest cost at the time of purchase, therefore, final costs to customers may be lower.

 


Reviewed August 14, 2014
Updated August 14, 2014
Published August 14, 2009
Created April 6, 2009: Information provided by the Security Office