Educause Security Discussion mailing list archives
Re: Free SSL certs for .edu by company included in browser lists
From: Steve Lovaas <steven.lovaas () COLOSTATE EDU>
Date: Fri, 17 Nov 2006 09:25:43 -0700
The primary gotcha of using wildcard SSL certs (one cert valid for *.yourorg.edu) is that you need to have a mechanism to distribute them to everyone in your organization who wants to run an HTTPS site. If you don't adequately protect this distribution mechanism, then someone can bring up a rogue site in your org (so long as they can get the DNS and firewall permissions right) with an SSL that guarantees the client that they're connecting to a legitimate site hosted by you. Also, you need to be very careful about expiration date, since a wildcard cert would make ALL SSL-secured sites go invalid on the same day some years in the future when you're probably no longer there to remember what to do :) Steve Lovaas Colorado State University Jeff Giacobbe wrote: <snip>
We have not tried the wildcard certificate yet (it almost sounds too good to be true.) Has anyone had experience with wildcard certs - from any vendor? Are there any pitfalls to using one as opposed to a traditional hostname-based cert?
<snip> -- ============================================================== Steven Lovaas, MSIA, CISSP Network & Security Resource Manager Academic Computing & Network Services Colorado State University 970-297-3707 Steven.Lovaas () ColoState EDU ==============================================================
Current thread:
- Free SSL certs for .edu by company included in browser lists Gary Flynn (Nov 17)
- <Possible follow-ups>
- Re: Free SSL certs for .edu by company included in browser lists Charlie Prothero (Nov 17)
- Re: Free SSL certs for .edu by company included in browser lists Vuong Phung (Nov 17)
- Re: Free SSL certs for .edu by company included in browser lists Br. Kenneth Arnold (Nov 17)
- Re: Free SSL certs for .edu by company included in browser lists Consolvo, Corbett (Nov 17)
- Re: Free SSL certs for .edu by company included in browser lists Jeff Giacobbe (Nov 17)
- Re: Free SSL certs for .edu by company included in browser lists Steve Lovaas (Nov 17)
- Re: Free SSL certs for .edu by company included in browser lists Dick Jacobson (Nov 17)
- Re: Free SSL certs for .edu by company included in browser lists Steve Lovaas (Nov 17)
- Re: Free SSL certs for .edu by company included in browser lists Julian Thompson (Nov 17)