
TLS Request and Billing

Information required when requesting a TLS (Transport Layer Security) certificate:

HHS is currently providing two types of 2-year TLS certificates:

  1. Public Trust (the Root is included by default in the “Trusted Root” certificate store of 99% of operating systems)
  2. HHS’s Common Policy (Internal Trust) certificates to support the multiple requirements across the agency.

The costs for these certificates are listed below:

TYPE OF CERTIFICATE               COST

Public Trust Certificates         $546.90
Common Policy (Internal Trust)    $135.73

However, a decision was made on October 20th: all TLS certificates requested prior to FY2010 will be provided by HHS to the OPDIVs at no cost and will be purchased by the EIT fund. The OPDIVs will be required to pay for any new TLS certificates purchased beginning FY2010.

NOTE: Since there is a significant difference in price, all requests for the Public Trust Certificate will undergo an additional review process by Ken Calabrese’s office to ensure that this type of certificate is required. The requests are sent to his office once a week, at close of business (COB) on Tuesday. Generally, the turnaround time is approximately one week.

Information for Request Process

When OPDIVs request TLS certificates, the following information must be provided and clearly stated in the request email:

  • Certificate Use – For example, protecting intranet or internet site
  • Certificate Type Required – Either Public Trust or Common Policy
  • Email address for the IT support group (e.g. fwadmin@mail.nih.gov) or system administrator who should be contacted if there is a change in status with the Certificate Authority (CA).  

The client version of the TLS certificate can be configured to support mutual authentication by modifying the “Extended Key Usage” extension.

  • The Client Mutual Authentication certificates contain the Client Authentication and 2.5.29.37.0 (anyExtendedKeyUsage) OIDs.

CSR information:

  1. The Fully Qualified Domain Name (FQDN), e.g. “cn=ned.nih.gov,ou=NIH,o=HHS,l=Bethesda,st=Maryland,c=US”
  2. Certificate Size: 2048 bits
  3. Hash: SHA1
  4. Key algorithm: RSA

Request Process

To request a TLS certificate, create a CSR on your server.  Then, e-mail the created .txt file to besimon@deloitte.com and tragsdale@deloitte.com.  Along with your request, please specify the type of certificate required (public trust or common policy).  Please note that the size of the certificate keys is now 2048, so check that the key size is appropriately defined in your CSR.
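A pre-submission check of a CSR against the parameters listed under "CSR information" (RSA key, 2048 bits, FQDN in the CN), as an added example that is not HHS's own tooling. The function name check_csr, its optional signature-algorithm argument and the file name in the usage comment are assumptions; it relies on the openssl command-line tool being installed.

```shell
#!/bin/sh
# Added example: validate a CSR before e-mailing it.
# Usage (hypothetical file name): check_csr server.csr [expected-signature-algorithm]
# Prints one line per finding and returns 0 only if every check passes.
check_csr() {
    csr=$1; want_sig=${2:-}; rc=0

    # -verify checks the CSR's self-signature (proof the requester holds the
    # private key). The exit code differs across OpenSSL versions, so match
    # on the "verify OK" message instead.
    if ! openssl req -in "$csr" -noout -verify 2>&1 | grep -q 'verify OK'; then
        echo "FAIL: not a parseable CSR, or its self-signature is invalid"
        return 1
    fi

    text=$(openssl req -in "$csr" -noout -text)
    subject=$(openssl req -in "$csr" -noout -subject)

    # Pull the fields out of the human-readable dump.
    alg=$(printf '%s\n' "$text" | sed -n 's/^ *Public Key Algorithm: *//p' | head -n 1)
    bits=$(printf '%s\n' "$text" | sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit).*/\1/p' | head -n 1)
    sig=$(printf '%s\n' "$text" | sed -n 's/^ *Signature Algorithm: *//p' | head -n 1)

    [ "$alg" = "rsaEncryption" ] ||
        { echo "FAIL: key algorithm is '$alg', the page lists RSA"; rc=1; }
    [ "$bits" = "2048" ] ||
        { echo "FAIL: key size is '$bits' bits, the page lists 2048"; rc=1; }
    # The CN must be present and non-empty; it carries the FQDN.
    printf '%s\n' "$subject" | grep -Eq 'CN ?= ?[^,/ ]' ||
        { echo "FAIL: subject has no CN (FQDN): $subject"; rc=1; }
    # The signature hash is only enforced when the caller names one.
    if [ -n "$want_sig" ] && [ "$sig" != "$want_sig" ]; then
        echo "FAIL: signature algorithm is '$sig', expected '$want_sig'"; rc=1
    fi

    [ "$rc" -eq 0 ] && echo "OK: $subject | $alg, $bits bit | $sig"
    return "$rc"
}
```

Pass the signature algorithm name as openssl prints it (for example sha1WithRSAEncryption for the SHA1 hash listed above) to have the hash checked as well.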