Public Key Infrastructure (PKI) at LSU: General Information



What is a Public Key Infrastructure (PKI)?

A Public Key Infrastructure uses a chain of Certificate Authorities to create digitally signed certificates for asymmetric encryption. Signed certificates are part of a chain of trust that can be validated from the issued certificate at the bottom of the chain up to the Certificate Authority. Because of this chain, PKI supports validating the authenticity of a resource that is configured with a signed certificate. Operating systems and browsers maintain a list of currently trusted Certificate Authorities, so certificates signed by these authorities and their delegates are implicitly trusted. A certificate may not be trusted if it is not signed by one of the implicitly trusted Certificate Authorities, has expired, or does not match the current host; in that case browsers display a warning such as "Your connection is not private" or indicate that the site is not secure.

 

How does PKI at LSU work?

A private key and a certificate signing request (CSR) are generated. The CSR is submitted to our Certificate Authority (InCommon). The Certificate Authority signs the certificate, and the signed certificate is made available. When the signed certificate is configured on a server and paired with the private key, it allows clients to establish a secure channel.

Currently, certificates signed by our Certificate Authority are valid for either 365 or 396 days before requiring renewal.
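The key and CSR generation described above, plus the checks worth running before a signed certificate is installed or is due for renewal, can be done with the OpenSSL command line. This is an added example, not LSU's or InCommon's own tooling; it assumes OpenSSL 1.1.1 or later, and host.example.edu, the file names and the self-signing step that stands in for the Certificate Authority are placeholders.

```shell
#!/usr/bin/env bash
# Added example. host.example.edu and all file names are placeholders; the
# self-signing step in demo() only stands in for the CA's signature.

# Generate a 2048-bit RSA key and a CSR that carries a subjectAltName.
make_csr() {  # usage: make_csr <fqdn> <outdir>
  ( umask 077  # keep the private key owner-readable only
    openssl req -new -newkey rsa:2048 -nodes -keyout "$2/$1.key" \
      -out "$2/$1.csr" -subj "/CN=$1" -addext "subjectAltName=DNS:$1" 2>/dev/null )
}

# The CSR's self-signature is intact (catches truncated or edited uploads).
csr_ok() { openssl req -in "$1" -noout -verify 2>&1 | grep -q "verify OK"; }

# Print the PEM public key held in a private key, CSR or certificate.
pubkey_of() {  # usage: pubkey_of key|csr|cert <file>
  case $1 in
    key)  openssl pkey -in "$2" -pubout ;;
    csr)  openssl req  -in "$2" -noout -pubkey ;;
    cert) openssl x509 -in "$2" -noout -pubkey ;;
  esac 2>/dev/null
}

# The signed certificate pairs with this private key (unreadable files fail).
cert_matches_key() {
  local c k
  c=$(pubkey_of cert "$1") && k=$(pubkey_of key "$2") && [ -n "$c" ] && [ "$c" = "$k" ]
}

# The certificate is valid for this host name.
cert_covers_host() { openssl x509 -in "$1" -noout -checkhost "$2" | grep -q "does match"; }

# The certificate expires within <days> days, so renewal is due.
expires_within() { ! openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null; }

demo() {
  local d h=host.example.edu; d=$(mktemp -d) || return 1
  make_csr "$h" "$d" && csr_ok "$d/$h.csr" || return 1
  # Stand-in for the CA: self-sign for 365 days so the checks have input.
  openssl x509 -req -in "$d/$h.csr" -signkey "$d/$h.key" -days 365 \
    -out "$d/$h.crt" 2>/dev/null || return 1
  cert_matches_key "$d/$h.crt" "$d/$h.key" && echo "key pairs with certificate"
  cert_covers_host "$d/$h.crt" "$h" && echo "host name covered"
  expires_within "$d/$h.crt" 30 || echo "more than 30 days left"
  rm -rf "$d"
}
demo
```

Only the `.csr` file is submitted for signing; the `.key` file stays on the server that generated it.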

 

How to request or download certificates?

We offer two routes for signed certificates:

PKI Self Service: Administrators can upload CSRs and download their signed certificates from our self-service portal at https://pki.its.lsu.edu. Signed certificates are generally available within 1 business day of submission. Signed certificates must be manually uploaded and configured on the web server with the private key.

  • For more information, visit the LSU PKI Self-Service Site. Please note that you must be on campus or connected to VPN to access the PKI website. Only faculty and staff can access the site.

ACME: Administrators can register for an ACME account and use an ACME client to automate some aspects of certificate management. Signed certificates are provided directly to the system after submitting the CSR. ACME clients can be configured to automatically renew and install the signed certificate. 

 

For other issues or questions, please submit a PKI Service Request: https://itservice.lsu.edu/TDClient/30/Portal/Requests/ServiceDet?ID=53

 
2/7/2025 1:46:59 PM