Re: SSL scaling

["King, Ronald A." <raking () NSU EDU>]

We originally started using ipSCA a few years back, but, then they had that
thing happen (their root certificate expired at year end 2009!).  We also
find their root cert is not included in all browsers.  It was nice as we had
a free 2 year certificate.   Recently, we have acquired a couple of free
StartCom signed certs.  They seem to be included in the browsers we tested.
We plan on requesting more.  However, their site is unavailable at the
moment...

 

 

Ronald King

Security Engineer

Norfolk State University

Marie V. McDemmond Center for Applied Research

Suite 401

700 Park Ave.

Norfolk, Virginia  23504

Phone:  757-823-3918

Fax: 757-823-2128

Email: raking () nsu edu

http://security.nsu.edu

 

From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Frazier, William S
[ITSYS]
Sent: Wednesday, June 15, 2011 3:40 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] SSL scaling

 

I have no idea whether the costs are acceptable for you or not, but have you
considered the InCommon Certificate Service.  We found that the cost was a
substantial saving over our previous solution.  Granted, we were already
InCommon member, but I believe the savings would have been significant even
factoring in membership.

 

One major benefit of the service is that it is geared to higher ed.

 

Bill

------------------------------------------------------------------ 

Bill Frazier                                 frazier () iastate edu

Unix OS, Apps, Evolving Technologies Lead   voice: (515) 294-8620

Iowa State University                        fax:   (515) 294-1717

Information Technology Services, 251 Durham, Ames, Iowa 50011-2251

 

 

 

From: Dexter Caldwell <Dexter.Caldwell () FURMAN EDU>
Reply-To: The EDUCAUSE Security Constituent Group Listserv
<SECURITY () LISTSERV EDUCAUSE EDU>
Date: Wed, 15 Jun 2011 14:12:31 -0500
To: "SECURITY () LISTSERV EDUCAUSE EDU" <SECURITY () LISTSERV EDUCAUSE EDU>
Subject: Re: [SECURITY] SSL scaling

 

 

You could consider Ipsca's free for 2yr certs for education or some other
cheap vendor.   Or you can consider wildcards ir your own pki.   The latter
of course is a whole other issue to manage.

Dexter

 

The EDUCAUSE Security Constituent Group Listserv
<SECURITY () LISTSERV EDUCAUSE EDU> writes:

We currently use a vended managed PKI portal that allows us to issue SSL
certs to internal customers when they roll out a website, but its costs
increase almost linearly with the size of our web portfolio. With the way
the web is moving, I don't think this linear growth is sustainable. What
solutions are in place and recommended among small to medium institutions
for managing SSL certificates? Is a wild card cert the only way to manage
this growth?

 

I confess when I first moved to Higher Ed I was surprised to find that
Educause itself doesn't operate in the CA space. After it has vetted an
institution for a .edu domain, the process for validating that institution's
identity is already shortcut, is it not?

 

(I apologize if this is a FAQ. I've been unable to access the
listserve.educause.edu site to research the archives for some reason.)

 

Best wishes,

Michael A. Smith

Web & Digital / Academic Technologies Manager

Nazareth College

Attachment: smime.p7s
Description: