Office of the Chief Information Officer

United States Department of Agriculture

Digital Certificate Issuing for Private and Public Key Infrastructure (PKI) Services


Service Description

Digital Infrastructure Services Center's (DISC's) digital certificate issuing service offers customers the ability to leverage Public Key Infrastructure (PKI) and establish trustworthy connections for their application requirements. This service can be used throughout DISC’s Platform as a Service (PaaS), Infrastructure as a Service (IaaS), and Managed Hosting offerings as well as with special requests. DISC can issue digital certificates to support: web services, client authentication, code signing, and domain controllers. Certificates are issued from a private certificate authority for internal systems or a public trust certificate authority for customers with internet facing systems. DISC’s issued digital certificates support HTTPS and TLS using PKI V2 infrastructure. This service enables the use of encryption and digital signature services across a wide variety of systems and applications.

What is Included

DISC can issue the following digital certificate types:

  • Internal Private PKI Digital Certificates
    • Web Server TLS/SSL
    • Client Authentication
    • Code Signing
  • External Public PKI Digital Certificates
    • Web Server TLS/SSL
    • Client Authentication
    • Wild Card
    • Multi-Domain EV / UC / SAN

How We Charge

  • A flexible cost structure for digital certificates which customers pay only for certificates they are issued.
  • Digital certificates are billed as a one-time fee for the lifespan of that certificate.
  • Certificates are typically issued for a 2 year period and remain valid through their expiration date.

Service Level Metrics

Measure Target SLA
Public Key
Infrastructure Service
24 x 7
System Monitoring 24 x 7
Incident Response 24 x 7

Cost Saving Tips

  • Internal private certificates can be issued if your system is not internet accessible (meaning only accessed by internal systems or users).
  • Multi-domain certificates may cost less and have a longer life-cycle than a Wild Card certificate.

Additional Information

  • For security and authenticity, certificates are only issued from a Certificate Signing Request (CSR). Certificates are issued rapidly once a CSR is received.
  • Once issued, certificates can be installed and managed by DISC or customer application administrators.
  • To initiate the renewal process, notifications are established between 30 - 60 days prior to expiration.
  • DISC can register public domains on the customer’s behalf through an authorization process.
  • See DISC's rate sheet for all certificate pricing.

Contact Us: