Educause Security Discussion mailing list archives
Re: SSL certificate purchasing
From: "Judd, Taylor Allen" <tjudd () ILLINOIS EDU>
Date: Thu, 13 Nov 2014 18:38:27 +0000
A few concerns with using wildcard certs at scale: 1. Private key for cert stored on multiple servers. One host compromised all hosts using this cert are now compromised. You may save money in buying the cert but consider the operational costs of replacing them all in the event of a compromise. 2. Makes it much easier to create spoofs or honeypots. Again compromise host I can now use your SSL cert to mimic your site much easier as I’m not tied to a single domain. If you are good with these additional risk than they may be worth it, but it’s why I personally avoid using them. Taylor From: <Maloney>, Michael <mmaloney () MIDDLESEXCC EDU<mailto:mmaloney () MIDDLESEXCC EDU>> Reply-To: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>> Date: Thursday, November 13, 2014 at 12:27 PM To: "SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>" <SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>> Subject: Re: [SECURITY] SSL certificate purchasing We use Digicert for our wildcards. They have a utility that scans your network and will tell you where it finds the cert in use at. From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Thomas Carter Sent: Thursday, November 13, 2014 1:22 PM To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU> Subject: Re: [SECURITY] SSL certificate purchasing We’ve considered that. How do you keep up with everywhere it’s used when time to renew? Thomas Carter Network and Operations Manager Austin College 903-813-2564 [AusColl_Logo_Email] From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Mike Cunningham Sent: Thursday, November 13, 2014 12:02 PM To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU> Subject: Re: [SECURITY] SSL certificate purchasing We get a wildcard cert from COMODO that we can put on as many servers as needed for one price. We can use any *.pct.edu name with one cert From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Thomas Carter Sent: Thursday, November 13, 2014 12:58 PM To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU> Subject: [SECURITY] SSL certificate purchasing We don’t have enough SSL certs around to qualify for one of the “get as many as you want for one price” deals, but the costs do seem high for non-essential sites. Has anyone used a reseller for cheaper prices like namecheap of GoGetSSL? They offer the basic Thawte SSL123 certs for $35 a year, which is considerably cheaper than the $149 Thawte lists. Thomas Carter Network and Operations Manager Austin College 903-813-2564 [AusColl_Logo_Email]
Current thread:
- Re: SSL certificate purchasing, (continued)
- Re: SSL certificate purchasing Mike Cunningham (Nov 13)
- Re: SSL certificate purchasing David Lundy (Nov 13)
- Re: SSL certificate purchasing Roger A Safian (Nov 13)
- Re: SSL certificate purchasing Baumgartner, Mark A. (Nov 13)
- Re: SSL certificate purchasing David Lundy (Nov 13)
- Re: SSL certificate purchasing Maloney, Michael (Nov 13)
- Re: SSL certificate purchasing Glassman, Stephen (Nov 13)
- Re: SSL certificate purchasing Mark Montague (Nov 13)
- Re: SSL certificate purchasing Nick Semenkovich (Nov 13)