
TLS Request and Billing

Information required when requesting a TLS (Transport Layer Security) certificate:

HHS is currently providing two types of 2-year TLS certificates:

  1. Public Trust (the Root is included by default in the “Trusted Root” certificate store of 99% of operating systems)
  2. HHS’s Common Policy (Internal Trust) certificates to support the multiple requirements across the agency.

The costs for these certificates are listed below:

TYPE OF CERTIFICATE               COST
Public Trust Certificates         $236.99
Common Policy (Internal Trust)    $82.57

As of October 1st, OPDIVs will have to pay for all TLS certificates purchased.

Information for Request Process

When OPDIVs request TLS certificates, the following information must be provided and clearly stated in the request email:

  • Certificate Use – For example, protecting an intranet or internet site
  • Certificate Type Required – Either Public Trust or Common Policy
  • Email address for the IT support group (e.g. fwadmin@mail.nih.gov) or system administrator who should be contacted if there is a change in status with the Certificate Authority (CA).

The client version of the TLS certificate can be configured to support mutual authentication by modifying the “Extended Key Usage” extension.

  • The Client Mutual Authentication certificates contain the Client Authentication and 2.5.29.37.0 (anyExtendedKeyUsage) OIDs.

CSR information:

  1. The Fully Qualified Domain Name (FQDN). E.g. “cn=ned.nih.gov,ou=NIH,o=HHS,l=Bethesda,st=Maryland,c=US”
  2. Certificate Size: 2048 bits
  3. Hash: SHA1
  4. RSA

Authorization

In order to request certificates on behalf of your OPDIV, individuals must be previously approved by their OPDIV management. Management should send an e-mail to tragsdale@deloitte.com to provide authorization for an approved requestor. Authorization has to be received before a CSR can be processed. The PKI Help Desk will maintain a list of approved requestors.

Request Process

To request a TLS certificate, create a CSR on your server.  E-mail the created .txt file to tragsdale@deloitte.com.  Along with your request, please specify the type of certificate required (public trust or common policy).  Please note that the size of the certificate keys is now 2048, so check that the key size is appropriately defined in your CSR.  Please ensure that management approval has been received.
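
A pre-submission check for the CSR parameters listed above, as an added example that is not HHS's own tooling: `make_csr` builds a request with the page's sample subject, and `check_csr` confirms key type, key size, signature hash and self-signature before the file is e-mailed. Function and file names are assumptions; the expected hash is a parameter because the page lists SHA1 while current OpenSSL builds sign requests with SHA-256 unless told otherwise.

```shell
#!/bin/sh
# Added example (not HHS tooling). Function and file names are assumptions.

# The page's sample DN, written in OpenSSL's slash-separated -subj form.
SUBJECT='/C=US/ST=Maryland/L=Bethesda/O=HHS/OU=NIH/CN=ned.nih.gov'

# make_csr KEYFILE CSRFILE [BITS] [DIGEST]
# Creates an unencrypted RSA private key and a CSR signed with DIGEST.
# Only CSRFILE is e-mailed; KEYFILE stays on the server.
make_csr() {
    openssl req -new -newkey "rsa:${3:-2048}" -nodes "-${4:-sha1}" \
        -subj "$SUBJECT" -keyout "$1" -out "$2" 2>/dev/null
}

# check_csr CSRFILE [BITS] [SIGALG]
# Prints one line per mismatch and returns non-zero if any check fails.
# Defaults follow the list above: RSA, 2048 bits, SHA1 signature.
check_csr() {
    csr=$1; want_bits=${2:-2048}; want_sig=${3:-sha1WithRSAEncryption}; rc=0

    # The CSR is signed with its own private key; a bad signature means the
    # file was damaged or altered after it was generated.
    openssl req -in "$csr" -noout -verify 2>&1 | grep -q 'verify OK' ||
        { echo "self-signature does not verify"; rc=1; }

    # Pull the three fields out of OpenSSL's text dump of the request.
    text=$(openssl req -in "$csr" -noout -text 2>/dev/null)
    alg=$(printf '%s\n' "$text" |
        sed -n 's/.*Public Key Algorithm: *\([^ ]*\).*/\1/p' | head -n 1)
    bits=$(printf '%s\n' "$text" |
        sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p' | head -n 1)
    sig=$(printf '%s\n' "$text" |
        sed -n 's/.*Signature Algorithm: *\([^ ]*\).*/\1/p' | head -n 1)

    [ "$alg" = rsaEncryption ] || { echo "key algorithm is '$alg', expected rsaEncryption"; rc=1; }
    [ "$bits" = "$want_bits" ] || { echo "key size is '$bits', expected $want_bits"; rc=1; }
    [ "$sig" = "$want_sig" ] || { echo "signature is '$sig', expected $want_sig"; rc=1; }
    return "$rc"
}
```

Run `check_csr request.txt` on the file you are about to send; no output and a zero exit status mean it matches the listed parameters.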