Educause Security Discussion mailing list archives
Re: SSL scaling
From: "King, Ronald A." <raking () NSU EDU>
Date: Wed, 15 Jun 2011 16:25:53 -0400
We originally started using ipSCA a few years back, but, then they had that thing happen (their root certificate expired at year end 2009!). We also find their root cert is not included in all browsers. It was nice as we had a free 2 year certificate. Recently, we have acquired a couple of free StartCom signed certs. They seem to be included in the browsers we tested. We plan on requesting more. However, their site is unavailable at the moment... Ronald King Security Engineer Norfolk State University Marie V. McDemmond Center for Applied Research Suite 401 700 Park Ave. Norfolk, Virginia 23504 Phone: 757-823-3918 Fax: 757-823-2128 Email: raking () nsu edu http://security.nsu.edu From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Frazier, William S [ITSYS] Sent: Wednesday, June 15, 2011 3:40 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] SSL scaling I have no idea whether the costs are acceptable for you or not, but have you considered the InCommon Certificate Service. We found that the cost was a substantial saving over our previous solution. Granted, we were already InCommon member, but I believe the savings would have been significant even factoring in membership. One major benefit of the service is that it is geared to higher ed. Bill ------------------------------------------------------------------ Bill Frazier frazier () iastate edu Unix OS, Apps, Evolving Technologies Lead voice: (515) 294-8620 Iowa State University fax: (515) 294-1717 Information Technology Services, 251 Durham, Ames, Iowa 50011-2251 From: Dexter Caldwell <Dexter.Caldwell () FURMAN EDU> Reply-To: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> Date: Wed, 15 Jun 2011 14:12:31 -0500 To: "SECURITY () LISTSERV EDUCAUSE EDU" <SECURITY () LISTSERV EDUCAUSE EDU> Subject: Re: [SECURITY] SSL scaling You could consider Ipsca's free for 2yr certs for education or some other cheap vendor. Or you can consider wildcards ir your own pki. The latter of course is a whole other issue to manage. Dexter The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> writes: We currently use a vended managed PKI portal that allows us to issue SSL certs to internal customers when they roll out a website, but its costs increase almost linearly with the size of our web portfolio. With the way the web is moving, I don't think this linear growth is sustainable. What solutions are in place and recommended among small to medium institutions for managing SSL certificates? Is a wild card cert the only way to manage this growth? I confess when I first moved to Higher Ed I was surprised to find that Educause itself doesn't operate in the CA space. After it has vetted an institution for a .edu domain, the process for validating that institution's identity is already shortcut, is it not? (I apologize if this is a FAQ. I've been unable to access the listserve.educause.edu site to research the archives for some reason.) Best wishes, Michael A. Smith Web & Digital / Academic Technologies Manager Nazareth College
Attachment:
smime.p7s
Description:
Current thread:
- SSL scaling Michael A. Smith (Jun 15)
- Re: SSL scaling Julian Y Koh (Jun 15)
- Re: SSL scaling Jay Fowler (Jun 15)
- Re: SSL scaling Dexter Caldwell (Jun 15)
- Re: SSL scaling John Ladwig (Jun 15)
- Re: SSL scaling Flynn, Gary - flynngn (Jun 15)
- Re: SSL scaling Jay Fowler (Jun 15)
- Re: SSL scaling Frazier, William S [ITSYS] (Jun 15)
- Re: SSL scaling John Ladwig (Jun 15)
- Re: SSL scaling Frazier, William S [ITSYS] (Jun 15)
- Re: SSL scaling King, Ronald A. (Jun 15)
- Re: SSL scaling Jack Suess (Jun 15)
- Re: SSL scaling Hubert, Wesley R (Jun 16)
- Re: SSL scaling Michael Fertig (Jun 17)
- Re: SSL scaling Kevin Halgren (Jun 21)
- Re: SSL scaling Jack Suess (Jun 17)
- Re: SSL scaling Andy Hooper (Jun 20)
- Re: SSL scaling Michael Fertig (Jun 17)