Educause Security Discussion mailing list archives

Re: SSL/SSH certificates


From: Matthew Gracie <graciem () CANISIUS EDU>
Date: Thu, 13 May 2010 12:22:33 -0400

Entwistle, Bruce wrote:
> We are currently reviewing our network security.  One of the tools we
> are using in this process is reporting a vulnerability as a result of
> using self-signed certificates on our Cisco IOS devices (switches,
> routers, access points) for ssh and ssl connections.  Rather than
> purchase 300 certificates to address this issue I thought I would ask
> what others are doing in this area.

For things that are only accessed by ITS staff (such as the
infrastructure components you listed), we generate certs with an
internal CA and set up staff machines to trust them. No need to pay for
an external certificate for such a small audience, at least in my opinion.

--
Matt Gracie                         (716) 888-8378
Information Security Administrator  graciem () canisius edu
Canisius College ITS                Buffalo, NY
http://www2.canisius.edu/~graciem/graciem_public_key.gpg        
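
The internal-CA approach described in this reply, sketched with the openssl command line as an added example (not part of the original message and not Canisius's actual setup). The organization name, the hostname sw1.example.edu, the file names and the validity periods are assumptions.

```shell
#!/bin/sh
# Added example; "Example ITS", sw1.example.edu and all file names are constructed.
# openssl stands in for the device, which would normally create its own key and CSR.

# Create the internal CA key and root certificate in directory $1.
make_ca() {
    cat > "$1/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
[dn]
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
subjectKeyIdentifier = hash
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 3650 \
        -config "$1/ca.cnf" -subj "/O=Example ITS/CN=Example ITS Internal CA" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

# Issue a server certificate for hostname $2, signed by the CA in directory $1.
issue_cert() {
    cat > "$1/$2.ext" <<EOF
basicConstraints = CA:FALSE
keyUsage = critical,digitalSignature,keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = DNS:$2
EOF
    openssl req -new -newkey rsa:2048 -nodes -sha256 -config "$1/ca.cnf" \
        -subj "/O=Example ITS/CN=$2" \
        -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/$2.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
        -CAcreateserial -sha256 -days 365 -extfile "$1/$2.ext" \
        -out "$1/$2.crt" 2>/dev/null
}

# Exit status 0 only if certificate file $2 chains to the CA in directory $1.
trusted_by_ca() {
    openssl verify -CAfile "$1/ca.crt" "$2" >/dev/null 2>&1
}

# Demo: one CA, one device certificate, one chain check.
d=$(mktemp -d) && make_ca "$d" && issue_cert "$d" sw1.example.edu &&
    trusted_by_ca "$d" "$d/sw1.example.edu.crt" &&
    echo "sw1.example.edu chains to the internal CA"
```

Only `ca.crt` is distributed to staff machines as a trusted root; `ca.key` stays on the CA host, since anyone holding it can issue certificates those machines will accept.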
