Educause Security Discussion mailing list archives
Re: SSL/SSH certifiactes
From: Matthew Gracie <graciem () CANISIUS EDU>
Date: Thu, 13 May 2010 12:22:33 -0400
Entwistle, Bruce wrote:
We are currently reviewing our network security. One of the tools we are using in this process is reporting a vulnerability as a result of using self signed certificates on our Cisco IOS devices (switches, routers, access points) for ssh and ssl connections. Rather than purchase 300 certificates to address this issue I thought I would ask what others are doing in this area.
For things that are only accessed by ITS staff (such as the infrastructure components you listed), we generate certs with an internal CA and set up staff machines to trust them. No need to pay for an external certificate for such a small audience, at least in my opinion. -- Matt Gracie (716) 888-8378 Information Security Administrator graciem () canisius edu Canisius College ITS Buffalo, NY http://www2.canisius.edu/~graciem/graciem_public_key.gpg
Current thread:
- SSL/SSH certifiactes Entwistle, Bruce (May 13)
- <Possible follow-ups>
- Re: SSL/SSH certifiactes Daniel Bennett (May 13)
- Re: SSL/SSH certifiactes Matthew Gracie (May 13)
- Re: SSL/SSH certifiactes Dexter Caldwell (May 13)
- Re: SSL/SSH certifiactes Greg Washburn (May 13)
- Re: SSL/SSH certifiactes John Ladwig (May 13)
- Re: SSL/SSH certifiactes Sam Hooker (May 13)
- Re: SSL/SSH certifiactes Andy Fleming (May 14)