Re: ipsCA and free .edu certs

[Charlie Reitsma <reitsmac () DENISON EDU>]

You make a good point. But what I found was that we were cutting  
corners and not
encrypting because of the cost of the certs. No one was happy with  
self-signed certs, having to explain to clients what the popups meant,  
and how to install the root cert. Having a source for free certs from  
a recognized root has spurred us on to getting all our services  
covered. I am hoping that EDUCAUSE would prevent frivolous domain  
registrations in the .edu space

Quoting Mike Wiseman <mike.wiseman () UTORONTO CA>:

> I've been looking into these also. I am wondering about the low  
> prices - you know - if it sounds too good to be true... From a  
> technical point of view, the root cert uses 1024 bit keys which is a  
> bit low for a root. Also, the root expires in 2009 which introduces  
> uncertainty for me as a reseller to my campus - am I going to have  
> to switch CAs in a year? Perhaps the most troubling is their  
> verification process - the registrant of the domain name gets a cert  
> with no further checking. So any of these marketers who buy  
> permutations of legitimate domain names can easily get a cert for  
> it, for example, in the case of my institution's domain  
> 'utoornto.ca'. I'm hesitant to support this kind of service.
>
> Mike
>
>
> Mike Wiseman
> Computing and Networking Services
> University of Toronto
>
>
>
>
> > Hi Rob, I believed this topic was posted here before. Below was my  
> > response. You may want to query the archive list for more info on  
> > this topic. Also, in my email below is the email from the vendor  
> > stated that you can have free wildcard cert too. My webmail cert  
> > works fine with safari, firefox, ie and konqueror.
> >
> > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> > Vuong Phung
> > Operating Systems Administrator
> > College of Science - Dean's Office
> >
> > San Jose State University
> > One Washington Square
> > San Jose, CA 95192-0099
> > Duncan Hall 33
> >
> > Tel 1.408.924.5056
> > Fax 1.408.924.5033
> > Web https://ncs.science.sjsu.edu/helpdesk
> > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> >
> > -----Original Message-----
> > From: Vuong Phung
> > Sent: Friday, November 17, 2006 7:49 AM
> > To: 'The EDUCAUSE Security Discussion Group Listserv'
> > Subject: RE: [SECURITY] Free SSL certs for .edu by company included in
> > browser lists
> >
> >
> > We've been using their certs since last year and they work great on  
> > both IIS and Apache. Wildcard is free for edu according to the  
> > response that I got last year from their tech support. You can  
> > check out our webmail ssl site below, we also use their ssl for our  
> > webdav connection. The process to get the cert is fast too. Vuong
> >
> > https://epsilon.science.sjsu.edu/exchange
> >
> >
> > > -----Original Message-----
> > > From: Rodolfo Lomascolo [mailto:r.lomascolo () ipsca com]
> > > Sent: Thursday, July 07, 2005 8:34 AM
> > > To: 'Vuong Phung'
> > > Cc: support () ipsca com
> > > Subject: RE: Signed Certificate : epsilon.science.sjsu.edu
> > >
> > >
> > > Dear Mr Phung,
> > >
> > > The free edu ssl is always free, and it will continue to be like this.
> > >
> > > The wildcard for edu is also free.
> > >
> > > BR
> > >
> > > ***********************************************************
> > > Rodolfo Lomascolo r.lomascolo () ipsca com
> > > Tel: + 34 91 640 20 52  Movil: + 34 609 30 25 13
> > > ipsCA, Edificio ECU, ctra Coruña km 23,200
> > > 28290 -  ParqueRozas - Madrid - Spain
> > > http://certs.ipsca.com       http://www.ipsca.com
> > > ***********************************************************
> > >
> > > -----Mensaje original-----
> > > De: Vuong Phung [mailto:vphung () science sjsu edu]
> > > Enviado el: jueves, 07 de julio de 2005 17:30
> > > Para: 'r.lomascolo () mail ips es'
> > > Asunto: RE: Signed Certificate : epsilon.science.sjsu.edu
> > >
> > >
> > > Dear Customer Service,
> > >
> > > I would like to know how much it will cost to extend .EDU ssl license after
> > > 2 years free. Also, do you have wildcard ssl license for .EDU and how much
> > > does it cost??? Thanks!
> > >
> > >
> > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> > > Vuong Phung
> > > Operating Systems Administrator
> > > College of Science - Dean's Office
> > >
> > > San Jose State University
> > > One Washington Square
> > > San Jose, CA 95192-0099
> > > Duncan Hall 33
> > >
> > > Tel 1.408.924.5056
> > > Fax 1.408.924.5033
> > > Web http://ncs.science.sjsu.edu/helpdesk
> > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> >
> > -----Original Message-----
> > From: Gary Flynn [mailto:flynngn () JMU EDU]
> > Sent: Friday, November 17, 2006 6:51 AM
> > To: SECURITY () LISTSERV EDUCAUSE EDU
> > Subject: [SECURITY] Free SSL certs for .edu by company included in
> > browser lists
> >
> >
> > Anyone using these folks or know anything about them:
> >
> > http://certs.ipsca.com/
> >
> > They also advertise wild card certs with no limit
> > on hosts for $276.00/year.
> >
> > http://certs.ipsca.com/Products/ipsca_ssl_Wildcard_certificates.ASP
> >
> >
> >
> > --
> > Gary Flynn
> > Security Engineer
> > James Madison University
> > www.jmu.edu/computing/security
> > -----Original Message-----
> > From: Rob Tanner [mailto:rtanner () LINFIELD EDU]
> > Sent: Tuesday, February 13, 2007 1:21 PM
> > To: SECURITY () LISTSERV EDUCAUSE EDU
> > Subject: [SECURITY] ipsCA and free .edu certs
> >
> >
> > Hi folks,
> >
> > It was recently brought to my attention that ipsCA offers free 2 year
> > 256 bit SSL certificates for educational institutions (in the .edu
> > domain).  Does anybody have any experience with them?  I note that their
> > root cert is bundled into Firefox, but does anyone know  about IE or
> > Safari?  Is there a limit to the number of certificates?
> >
> > Thanks,
> > Rob
> >
> >
> > --
> > Rob Tanner
> > UNIX Services Manager
> > Linfield College, McMinnville OR