Re: SSL Certificates

[Charlie Prothero <Charlie.Prothero () KEYSTONE EDU>]

We have been using IPSCA certs at Keystone College for years.  They deliver
certs via E-Mail, and their check is that you're listed as the technical or
admin contact for your domain.  I'm the admin contact, and our network admin
is our tech contact, so either one of us can get a cert from IPSCA.  By
comparison, other CA's that we had dealt with were expensive and a hassle to
work with (i.e. faxing or mailing documents around to prove who you are).
IPSCA usually delivers a cert within a few hours of the request.

As others have noted, IPSCA is in the trusted list on nearly everyone's
browser.  If anyone is still running a browser old enough not to have it,
they're probably going to have other problems.  Also, note that getting onto
MS and Mozilla trusted CA lists requires passing an intensive audit.  If
they pass that standard, I'm pretty confident that they meet ours.

Re: free the first two years, we have never tried to "renew" an expiring
cert.  IPSCA's system allows you to request a new cert for the same server
name - so if you have one that's expiring, you can just go through the
normal request process to get a new one.

Once you get a cert, they send you a verification HTML page and an icon to
display on your site to show that you're using IPSCA.  I think that giving
them a little PR is a small price to pay for the value we get from them, so
we have posted them on our sites.

Please feel free to visit the sites below to see how the IPSCA certs work:

Mail server (Exchange OWA):

http://samurai05.keystone.edu/

Student information system (net.data on an AS/400):

https://kcconnect.keystone.edu/cgi-bin/login.mbr/login


Cheers!

- Charlie


Charlie Prothero
CIO

Keystone College
One College Green . La Plume, PA 18440
570-945-8015

Attachment: smime.p7s
Description: