Educause Security Discussion mailing list archives
New Thawte Enterprise Certificate Center
From: Gary Flynn <flynngn () JMU EDU>
Date: Mon, 11 Jan 2010 16:10:14 -0500
I have a question to those of you who have transitioned from Thawte's old SPKI center to the new enterprise certificate center.

In the old system, our "technical officers" could see all certs so they could back each other up in renewing certs when people were on vacation, out sick, etc. In the new system, "subscribers" can only see certs they requested. So other "subscribers" can no longer back them up.

Thawte's suggested solution was to promote all the subscribers to administrators/security officers which subverts the request/approval mechanism as they'd be able to approve their own (and others') cert requests. I do not want to do that.

The only other option that comes to mind would be to use shared accounts and passwords for the subscriber accounts which I'm philosophically opposed to. How would I know who was actually requesting a cert or renewal if the request comes from a shared account?

Have you figured out a way to allow your subscribers to back each other up?

Gary Flynn
Security Engineer
James Madison University