Educause Security Discussion mailing list archives
Re: SSL/SSH certifiactes -- Consider looking at InCommon
From: Jack Suess <jack () UMBC EDU>
Date: Fri, 14 May 2010 19:34:50 -0400
Bruce, You might look at joining InCommon for the Certificate Service. In mid-March I mentioned that InCommon was looking at the possibility of deploying a certificate service. I wanted to update this group and let you know that this is going forward.A full rollout is expected during summer 2010. Some of the benefits we see with the InCommon Cert Service are the following: + Cost savings - unlimited SSL and personal certificates for a fixed annual fee • unlimited SSL, personal signing, encryption, and code signing PKI certificates. • pricing based on Carnegie classification ($2,000 - $20,000) annually. See full fee schedule here. • Internet2 members receive a 25 percent discount. • must be an InCommon participant (see benefits of InCommon participation and how to join InCommon). + Security and usability - one publicly signed certificate source for all campus servers at no marginal cost. + Innovative - first real step toward signed email and second-factor authentication in US higher education. Resources • One-page flyer (pdf) http://www.incommonfederation.org/cert/doc/InC_Cert.pdf • FAQ (pdf) http://www.incommonfederation.org/cert/doc/faq.pdf • Fee Schedule http://www.incommonfederation.org/cert/cert_fee.html We know that there will be questions and tweaks that we have to do with this and encourage you to send questions and comments to incommon-info () incommonfederation org. Jack Suess UMBC VP of IT & CIO jack () umbc edu 1000 Hilltop Circle 410.455.2582 Baltimore Md, 21250 On May 13, 2010, at 12:06 PM, Daniel Bennett wrote:
You could obtain a wildcard certificate (*.domain.edu) and use fully qualified domain names (ap11.domain.edu) for all your devices. Daniel Bennett IT Security Analyst Pennsylvania College of Technology P:570.329.4989 E:dbennett () pct edu From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Entwistle, Bruce Sent: Thursday, May 13, 2010 12:02 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] SSL/SSH certifiactes We are currently reviewing our network security. One of the tools we are using in this process is reporting a vulnerability as a result of using self signed certificates on our Cisco IOS devices (switches, routers, access points) for ssh and ssl connections. Rather than purchase 300 certificates to address this issue I thought I would ask what others are doing in this area. Thank you Bruce Entwistle Network Manager University of Redlands
Jack Suess UMBC VP of IT & CIO jack () umbc edu 1000 Hilltop Circle 410.455.2582 Baltimore Md, 21250
Attachment:
smime.p7s
Description:
Current thread:
- Re: SSL/SSH certifiactes -- Consider looking at InCommon Jack Suess (May 14)