SSL/TLS Certificate - InCommon Certificate Service Vendor Transition (Sectigo → CERTInext)

Transition completion date: July 17, 2026

Additional information is available from InCommon:

• https://incommon.org/certificate-service-transition
• https://spaces.at.internet2.edu/spaces/CERTSVC/pages/388300988/Certificate+Service+Home

This service issued approximately 2,000 server certificates last year via https://servercertificates.wisc.edu through the vendor Sectigo and after July 17th, 2026, CERTInext. 

Here is a highlight of what will remain the same, what is changing, and steps going forward:

Existing Certificates

Existing Certificates already issued will continue to be valid until their expiration date. (Yes, this means you can renew certs right up until the transition date, probably 7/16 to be safe)

Pricing

Continued service and support for SSL/TLS certificates for servers to the UW-Community at no charge.

Code Signing certificates are not cost covered, and will be available as a purchased add-on. We are awaiting pricing for this.

Client certificates will not covered, and of note - current certificates can be used for client authentication, but that extended usage is going away soon across the industry.

Manual certificate issuance

Continued support via https://servercertificates.wisc.edu that will require moderate development work from our team to integrate with CertiNext’s new API.

We encourage you to automate, that said not all applications or vendors support native certificate automation and as a result, there will be increased administrative burden with industry standard shortened certificate lifespans.

ACME-issued certificates

Continued support for automated ACME issuance but requires minimal changes for existing customers (updating a single URL and credentials)

IGTF certificates

Continued support for academic grid computing

Questions? servercertificates@doit.wisc.edu