DoIT received certification in 2001 as a self-signed Public Key Infrastructure (PKI) Certificate Authority (CA) and Registration Authority (RA) following an independent audit and "root key" generation ceremony. Annual third-party audits ensure the digital certificates issued are secure and trustworthy.
DoIT, by Legislative directive, is the sole source of digital certificates for State of Illinois agencies, boards, commissions, universities and those who do business with them. Additionally, local, county and municipal governmental entities are permitted to utilize these services.
Illinois' public key infrastructure (PKI) is necessary to assist with determining the identity of different people, devices and services. PKI goes beyond the use of user ID and password by employing cryptographic technology such as digital certificates and digital signatures, which create unique credentials that are validated by a third party. Illinois' PKI is governed by roles, policies and procedures to ensure the appropriate management of digital certificates and public-key encryption. Illinois' PKI functions through the creation and issuance of cryptographic keys by the Illinois Certificate Authority (CA), which provides a public key for distribution throughout the user base and a secret key for private use by the entity (or individual) to which it belongs. The private key is typically used for decryption or digital signatures.
Digital certificates provide identity information, resist forgery and can be verified by an official third party (Illinois' PKI). Illinois certificates contain information such as the name of the certificate holder, a serial number, expiration dates, a copy of the holder's public key and a digital signature of the Illinois CA to assist recipients with certificate validation. Illinois' digital certificates conform to the X.509 standard.
Service recipients can utilize digital certificates for digitally signing documents, files and emails. When sending digital messages and documents, the digital signature associated with the certificate ensures the messages originate with a known sender (i.e., authentication) who cannot deny sending the message (i.e., non-repudiation) and ensures the message has not been altered (i.e., integrity).
A simple way of viewing this is that when two persons or two machines want to communicate electronically, both ends of the exchange are validated by a central (third party) Certificate Authority, assuring that:
- Each end of the conversation is who it is supposed to be;
- The exchange between the two ends is both private and secured;
- The contents of the document have not been altered.
A digital certificate used for encryption ensures that a file, document, or email can only be read by the intended recipient or recipients. Complex mathematical algorithms are used to ensure that the data cannot be decrypted by brute-force attempts.
Encrypted communication, the second cryptographic service available, ensures that the method of transporting the message, document or data is secure and not compromised. Secure Sockets Layer (SSL) communication, as an example, creates an exchange between two machines ensuring that the server of origination is valid, the receiving server is valid and that the exchange between the sender and receiver is encrypted and cannot be "sniffed" or read when traversing the public network.
When going to the login page of a website or making a purchase online by providing a credit card, a "lock" appears at the bottom or top of the browser indicating that the communication with the receiving server is secure and verified. DoIT can assist with setting up SSL security.
DoIT fees are waived at this time.
Service can be procured, modified or cancelled by selecting the "Order Services" button near the top of the right pane.
Staff will respond to service requests during the published business hours. DoIT aims to provision this service as follows:
- Certificates for in-state applicants completed online within 5 minutes
- Out-of-state applications processed within 2 business days of receipt
Incident Response and Resolution
All incidents reported to DoIT will be captured in the DoIT IT service management ticketing system and addressed according to the Incident Management Guidelines.
To report an incident, contact the PKI Digital Certificate support group, Monday through Sunday, 8:00 AM to 4:30 PM, at 866-465-9119.
This service will be available 24/7 excluding planned outages, maintenance windows and unavoidable events.