Educause Security Discussion mailing list archives

Previous By Date Next
Previous By Thread Next

Re: SSL Certificates

From: Steven Tardy <sjt5 () ITS MSSTATE EDU>
Date: Wed, 18 Mar 2009 09:30:13 -0500
Kevin (mclaugkl) Mclaughlin wrote:

How are the rest of you dealing with this type of request?  Are there any inherent risks with approving these types of 
requests?

===============================================================
Hello, Kevin Mclaughlin,

I am sending this email to ask your help in the approval of our trial SSL certificate application.

We have applied a trial SSL certificate from ipsCA (http://certs.ipsca.com<http://certs.ipsca.com/>) for our web site 
http://XXX<http://xxx/>, which will provide online clinical data collection function for Translational research

=====================================================================


we've used IPSCA SSL certificates for a year or two.
mostly on test/internal/non-forward facing projects, main ssl pages are still thawte.
the only problems we've had were easily solved by proper configuration.

1) browser doesn't have IPSCA root certificate.
add to your apache ssl.conf:
   SSLCertificateChainFile /etc/httpd/conf/ssl.crt/IPS-IPSCABUNDLE.crt

2) java doesn't have IPSCA root certificate.
import the bundle into java:
   /opt/jre/bin/keytool -import -alias ispca -file \
   /etc/httpd/conf/ssl.crt/IPS-IPSCABUNDLE.crt -keystore /opt/jre/lib/security/cacerts

free is better than not free.

--
Steven Tardy
Systems Programmer
Information Technology Infrastructure
Information Technology Services
Mississippi State University
sjt5 () its msstate edu
Previous By Date Next
Previous By Thread Next

Current thread: