Re: Seeking RFP text for server and messaging cert mgmt services

[Larry Jennings <ljenning () UTK EDU>]

Mark,
I slightly misspoke there.  I had to verify with our DBA staff and they
reminded me that it was with the Oracle Portal server that we had issues.
Don't know about Oracle App server by itself.  It is my, and our DBA's,
understanding that they are SSLv3 compliant.  We use the InstantSSL certs
on IIS, Apache (Unix) and our Domino v6.0x server with much success.

As for the email client issue, I most always use a Notes client and I
couldn't get the InstantSSL cert to work with it.  I think it should have
worked but could never find the problem.  I gave up and renewed my Thawte
signing cert.  I imagine that a better email client would not have an
issue.  I may try to get it to work on my Notes client again when I have
the time.

And for what it is worth, I use my Thawte email cert for encrypting AIM
chats with others who have certs.  It's nice to have encrypted chats.  I
haven't tried the InstantSSL cert with AIM yet.

Larry

Larry Jennings
IT Manager, NT-Unix Systems Group
University of Tennessee
Voice:  (865)974-1619
Email:  ljenning () utk edu



Mike Wiseman <mike.wiseman () UTORONTO CA>
Sent by: The EDUCAUSE Security Discussion Group Listserv
<SECURITY () LISTSERV EDUCAUSE EDU>
06/15/2004 01:56 PM
Please respond to
The EDUCAUSE Security Discussion Group Listserv
<SECURITY () LISTSERV EDUCAUSE EDU>


To
SECURITY () LISTSERV EDUCAUSE EDU
cc

Subject
Re: [SECURITY] Seeking RFP text for server and messaging cert mgmt
services






Hi Larry,

I'd be interested in details of the problems you found with Comodo -
before I pursue
pushing them a lot harder! Did the Oracle server support SSLv3? Also, what
were the email
issues?

Thanks,

Mike

Mike Wiseman
Manager - Computer Security Administration
Computing and Networking Services
University of Toronto

----- Original Message -----
From: "Larry Jennings" <ljenning () UTK EDU>
To: <SECURITY () LISTSERV EDUCAUSE EDU>
Sent: Tuesday, June 15, 2004 12:47 PM
Subject: Re: [SECURITY] Seeking RFP text for server and messaging cert
mgmt services


> Many of our certs are through Comodo (InstantSSL) as well but we have
> found that certain products won't work with their certs, Oracle App
server
> being one.  I've also had problems using their email signing certificate
> where a Thawte provided one has worked effortlessly.  So we continue to
> use Thawte for those applications that don't work with InstantSSL.
>
> The price is definitely a strong point with InstantSSL.  But with that
low
> price comes an occasional incompatibility problem.
>
>
> Larry
>
>
> Larry Jennings
> IT Manager, NT-Unix Systems Group
> University of Tennessee
> Voice:  (865)974-1619
> Email:  ljenning () utk edu
>
>
>
> Mike Wiseman <mike.wiseman () UTORONTO CA>
> Sent by: The EDUCAUSE Security Discussion Group Listserv
> <SECURITY () LISTSERV EDUCAUSE EDU>
> 06/15/2004 10:36 AM
> Please respond to
> The EDUCAUSE Security Discussion Group Listserv
> <SECURITY () LISTSERV EDUCAUSE EDU>
>
>
> To
> SECURITY () LISTSERV EDUCAUSE EDU
> cc
>
> Subject
> Re: [SECURITY] Seeking RFP text for server and messaging cert mgmt
> services
>
>
>
>
>
>
> Our cert needs started out similarly - SSL certs for administrative
> websites. The central
> IT group purchased Verisign certs up front and were provided with web
> management
> capability to verify the requestor and handle internal chargeback. I
> believe the cost of
> the certs discouraged most academic departments from offering https and
so
> growth in their
> use was low. This past year after some investigation we moved to Comodo
> mainly because the
> server cert prices are much lower and now there is more interest in
> implementing https.
> The reasons for the big price difference seem to be nebulous - my guess
is
> they have to do
> with maturity in the CA business as well as the chained cert technology.
>
> Mike
>
> Mike Wiseman
> Manager - Computer Security Administration
> Computing and Networking Services
> University of Toronto
>
> ----- Original Message -----
> From: "Bill Frazier" <frazier () IASTATE EDU>
> To: <SECURITY () LISTSERV EDUCAUSE EDU>
> Sent: Tuesday, June 15, 2004 8:58 AM
> Subject: Re: [SECURITY] Seeking RFP text for server and messaging cert
> mgmt services
>
>
> > When we got into the use of certs (mostly SSL, a very few
> > code-signing), I had trouble finding a cost effective vendor.
> > This was several years ago.  The actual number of certs needed
> > was unknown as people all over campus were just beginning to
> > realize that these things were useful.  At any rate, we
> > settled on the SPKI (Starter PKI) package from Thawte (since
> > purchased by Verisign but still operating as Thawte).  As it
> > stands now, I purchase what amount to cert tokens in advance.
> > Each of these can be used to purchase a particular kind of
> > cert.  AIT has the contract and we act as the aproving agent
> > (Security Officer).  Cert are issued to requestors (Technical
> > Officers).  The whole thing is web based and we control who
> > are on the list of tech officers.
> >
> > Bill
> >
> > __________________________________________________________________
> > On Mon, 14 Jun 2004 09:57:06 CDT, Gary Dobbins wrote:
> >
> > Has anyone constructed an RFP they can share related to external cert
> > mgmt services like the examples below?  (a couple of Verisign's and
> > Geotrust's offerings)
> >
> >
> > Managed PKI for SSL
> > http://www.verisign.com/products/onsite/ssl/index.html
> >
> > Enterprise SSL
> > http://www.geotrust.com/enterprise_security/enterprisessl.htm
> >
> >
> > True Credentials Express
> > http://www.geotrust.com/enterprise_security/truecredexp.htm
> >
> > Managed PKI for Trusted Messaging
> > http://www.verisign.com/products/trustedMessaging/index.html
> >
> > --
> >
> >    ------------------------------------------------------------
> >    Gary Dobbins, CISSP -- Director, Information Security
> >    University of Notre Dame, Office of Information Technologies
> >
> > **********
> > Participation and subscription information for this EDUCAUSE
Discussion
> > Group d
> > iscussion list can be found at http://www.educause.edu/cg/.
> >
> >
> >
> >
> > __________________________________________________________________
> > Bill Frazier                                 frazier () iastate edu
> > Assistant Director/Software Support          voice: (515) 294-8620
> > Iowa State University                        fax:   (515) 294-1717
> > Academic Information Technologies, 291 Durham, Ames, Iowa 50011
> >
> > **********
> > Participation and subscription information for this EDUCAUSE
Discussion
> Group discussion
> list can be found at http://www.educause.edu/cg/.
> >
>
> **********
> Participation and subscription information for this EDUCAUSE Discussion
> Group discussion list can be found at http://www.educause.edu/cg/.
>
>
>
> **********
> Participation and subscription information for this EDUCAUSE Discussion
Group discussion
list can be found at http://www.educause.edu/cg/.
>

**********
Participation and subscription information for this EDUCAUSE Discussion
Group discussion list can be found at http://www.educause.edu/cg/.



**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/cg/.

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature