Re: Free SSL certs for .edu by company included in browser lists

[Jeff Giacobbe <giacobbej () MAIL MONTCLAIR EDU>]

All-

Montclair State began moving many of our internal and external-facing
web sites to ipsCA  SSL certs about a year ago (thanks to a tip on this
list, if I recall.)

The only 2 issues we have had using these certs are:

1) When someone is using older (>2 years) versions of Mozilla and Safari
that don't have the ipsCA root cert pre-installed.  This is quickly
becoming a moot point as the percentage of outdated browsers continually
declines.

2) Apparently some popular versions of Java (up to and including 1.4.x I
believe) aren't bundled with the ipsCA root cert and will fail when
attempting to use SSL connections.  We ran into this issue with a 3rd
party Java app and had to purchase a Thawte cert for that particular case.

In general, we've been extremely happy with the free ipsCA certificates
and I'd recommend them for all but the most "public" of your secure web
services. For example if you have a payment gateway for online
registration you may still want to opt for a cert from a more "well
know" company like Thawte or (<gack>) Verisign just to be sure you have
100% compatibility with all older web browsers.

We have not tried the wildcard certificate yet (it almost sounds too
good to be true.) Has anyone had experience with wildcard certs - from
any vendor?  Are there any pitfalls to using one as opposed to a
traditional hostname-based cert?

Regards,

Jeff Giacobbe
Director of Systems, Security, and Networking
Montclair State University


Br. Kenneth Arnold wrote:
> We have three processes using certificates from ipsCA and will be adding
> a fourth process soon.  My experience has been:
>
> 1.  The price is very reasonable. Free for two years to edu domains and
> very inexpensive after that.