Re: SSL/SSH certifiactes -- Consider looking at InCommon

[Jack Suess <jack () UMBC EDU>]

Bruce,

You might look at joining InCommon for the Certificate Service.

In mid-March I mentioned that InCommon was looking at the possibility of deploying a certificate service. 
I wanted to update this group and let you know that this is going forward.A full rollout is expected during summer 2010.

Some of the benefits we see with the InCommon Cert Service are the following:
+ Cost savings - unlimited SSL and personal certificates for a fixed annual fee
        • unlimited SSL, personal signing, encryption, and code signing PKI certificates.
        • pricing based on Carnegie classification ($2,000 - $20,000) annually. See full fee schedule here.
        • Internet2 members receive a 25 percent discount.
        • must be an InCommon participant (see benefits of InCommon participation and how to join InCommon).
+ Security and usability - one publicly signed certificate source for all campus servers at no marginal cost.
+ Innovative - first real step toward signed email and second-factor authentication in US higher education.

Resources

        • One-page flyer (pdf)   http://www.incommonfederation.org/cert/doc/InC_Cert.pdf
        • FAQ (pdf)                      http://www.incommonfederation.org/cert/doc/faq.pdf
        • Fee Schedule              http://www.incommonfederation.org/cert/cert_fee.html

We know that there will be questions and tweaks that we have to do with this and encourage you to send questions and 
comments to
incommon-info () incommonfederation org. 


Jack Suess            UMBC VP of IT & CIO
jack () umbc edu    1000 Hilltop Circle
410.455.2582     Baltimore Md, 21250










On May 13, 2010, at 12:06 PM, Daniel Bennett wrote:

> You could obtain a wildcard certificate (*.domain.edu) and use fully qualified domain names (ap11.domain.edu) for all 
> your devices.
> Daniel Bennett
> IT Security Analyst
> Pennsylvania College of Technology
> P:570.329.4989
> E:dbennett () pct edu
>  
>  
>  
> From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of 
> Entwistle, Bruce
> Sent: Thursday, May 13, 2010 12:02 PM
> To: SECURITY () LISTSERV EDUCAUSE EDU
> Subject: [SECURITY] SSL/SSH certifiactes
>  
> We are currently reviewing our network security.  One of the tools we are using in this process is reporting a 
> vulnerability as a result of using self signed certificates on our Cisco IOS devices (switches, routers, access 
> points) for ssh and ssl connections.  Rather than purchase 300 certificates to address this issue I thought I would 
> ask what others are doing in this area.
>  
> Thank you
> Bruce Entwistle
> Network Manager
> University of Redlands

Jack Suess            UMBC VP of IT & CIO
jack () umbc edu    1000 Hilltop Circle
410.455.2582     Baltimore Md, 21250

Attachment: smime.p7s
Description: