Educause Security Discussion mailing list archives

Re: SSL Certificates

From: Ryan Fox <rfox () FINDLAY EDU>
Date: Wed, 18 Mar 2009 09:04:10 -0400

We switched from Thawte to a Digicert wildcard cert last year.  Our
wildcard cert is valid for *.our.edu, and 'licensed' for unlimited
hosts.  It was a big cost savings over Thawte SPKI (but not free), and
simplifies our work greatly as we don't have to request a new cert for
each new service, and is a 3 yr cert so we also only have to install new
certs less often.

That said, wildcard certs have their own unique security challenges, and
an undiscovered compromise of the private key is much, much worse. ;-)

Cheers,
Ryan

Attachment: rfox.vcf
Description:

Current thread:

SSL Certificates Mclaughlin, Kevin (mclaugkl) (Mar 17)
- <Possible follow-ups>
- Re: SSL Certificates Rowe, Ken (Mar 17)
- Re: SSL Certificates Jeff Giacobbe (Mar 17)
- Re: SSL Certificates Consolvo, Corbett D (Mar 17)
- Re: SSL Certificates John Ladwig (Mar 17)
- Re: SSL Certificates Gary Flynn (Mar 18)
- Re: SSL Certificates Brian Epstein (Mar 18)
- Re: SSL Certificates Ryan Fox (Mar 18)
- Re: SSL Certificates Charlie Prothero (Mar 18)
- Re: SSL Certificates Eric Torgersen (Mar 18)
- Re: SSL Certificates Doug Hoffman (Mar 18)
- Re: SSL Certificates Steven Tardy (Mar 18)
- Re: SSL Certificates Cal Frye (Mar 19)