Educause Security Discussion mailing list archives

Previous By Date Next
Previous By Thread Next

Re: SSL Certificates

From: "Rowe, Ken" <kenrowe () UILLINOIS EDU>
Date: Tue, 17 Mar 2009 18:11:14 -0500
Web servers running in operational (not development) environment must have an official certificate.
We would not allow a trial certificate, especially when dealing with (HIPAA-restricted?) sensitive data.

Ken.
== 
Ken Rowe
Director of Enterprise Systems Assurance and Information Security
University Office of Administrative Information Technology Services
University of Illinois
50 Gerty Drive, MC-673
Champaign, IL 61820
E kenrowe () uillinois edu
O 217.265.0415
F 217.333.6991
-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv on behalf of Mclaughlin, Kevin (mclaugkl)
Sent: Tue 3/17/2009 2:18 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] SSL Certificates
 
How are the rest of you dealing with this type of request?  Are there any inherent risks with approving these types of 
requests?

===============================================================
Hello, Kevin Mclaughlin,

I am sending this email to ask your help in the approval of our trial SSL certificate application.

We have applied a trial SSL certificate from ipsCA (http://certs.ipsca.com<http://certs.ipsca.com/>) for our web site 
http://XXX<http://xxx/>, which will provide online clinical data collection function for Translational research

=====================================================================
Thanks,
-Kevin

Kevin L. McLaughlin,  CISM, CISSP, GIAC-GSLC, PMP, ITIL Master Certified
Assistant Vice President, Information Security & Special Projects
University of Cincinnati
513-556-9177
Previous By Date Next
Previous By Thread Next

Current thread: