Office of the Chief Information Officer

United States Department of Agriculture

Digital Certificate Issuing for Private and Public Key Infrastructure (PKI) Services

An open padlock with the open end above a small image of a workstation. Text reads: NITC provides public key infrastructure services to enhance application security and encrypt data in transit.

Service Description

NITC’s digital certificate issuing service offers customers the ability to leverage Public Key Infrastructure (PKI) and establish trustworthy connections for their application requirements. This service can be used throughout NITC’s PaaS, IaaS, and Managed Hosting offerings as well as with special requests. NITC is able to issue digital certificates to support: web services, client authentication, code signing, and domain controllers. Certificates are issued from a private certificate authority for internal systems or a public trust certificate authority for customers with internet facing systems. NITC’s issued digital certificates support HTTPS and TLS using PKI V2 infrastructure. This service enables the use of encryption and digital signature services across a wide variety of systems and applications.

What is Included

NITC can issue the following digital certificate types:

  • Internal Private PKI Digital Certificates
    • Web Server TLS/SSL
    • Client Authentication
    • Code Signing
  • External Public PKI Digital Certificates
    • Web Server TLS/SSL
    • Client Authentication
    • Wild Card
    • Multi-Domain EV / UC / SAN

How We Charge

  • A flexible cost structure for digital certificates which customers pay only for certificates they are issued.
  • Digital certificates are billed as a one-time fee for the lifespan of that certificate.
  • Certificates are typically issued for a 2 year period and remain valid through their expiration date.

Service Level Metrics

Measure Target SLA
Public Key
Infrastructure Service
24 x 7
System Monitoring 24 x 7
Incident Response 24 x 7

Cost Saving Tips

  • Internal private certificates can be issued if your system is not internet accessible (meaning only accessed by internal systems or users).
  • Multi-domain certificates may cost less and have a longer life-cycle than a Wild Card certificate.

Additional Information

  • For security and authenticity, certificates are only issued from a Certificate Signing Request (CSR). Certificates are issued rapidly once a CSR is received.
  • Once issued, certificates can be installed and managed by NITC or customer application administrators.
  • To initiate the renewal process, notifications are established between 30 - 60 days prior to expiration.
  • NITC can register public domains on the customer’s behalf through an authorization process.
  • See NITC's rate sheet for all certificate pricing.

An image of the National Information Technology Center art with the text: Service Desk: 888-USE-NITC