Educause Security Discussion mailing list archives
Re: SSL scaling
From: John Ladwig <John.Ladwig () CSU MNSCU EDU>
Date: Wed, 15 Jun 2011 14:33:28 -0500
InCommon seems to be operating as a reseller of Comodo certs, which implies that they may chain back to top-level CAs recognized by common browsers and operating systems. I disremember what Ipsca offers, in terms of broad recognition. It'd be a kindness if someone could refresh us on the need or absence of need to do local browser-cert installation to take advantage of these lower-cost services. Also, anyone who is interested in CAs and PKI in general should familiarize themselves with the work published by Chris Palmer in relation to the EFF's SSL Observatory project. Some of their findings are... dismaying. https://www.eff.org/deeplinks/2011/04/fully-qualified-nonsense-ssl-observatory https://www.eff.org/deeplinks/2011/04/unqualified-names-ssl-observatory https://www.eff.org/observatory -jml
Dexter Caldwell <Dexter.Caldwell () FURMAN EDU> 2011-06-15 14:12 >>>
You could consider Ipsca's free for 2yr certs for education or some other cheap vendor. Or you can consider wildcards ir your own pki. The latter of course is a whole other issue to manage. Dexter The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> writes:
We currently use a vended managed PKI portal that allows us to issue SSL certs to internal customers when they roll out a website, but its costs increase almost linearly with the size of our web portfolio. With the way the web is moving, I don't think this linear growth is sustainable. What solutions are in place and recommended among small to medium institutions for managing SSL certificates? Is a wild card cert the only way to manage this growth? I confess when I first moved to Higher Ed I was surprised to find that Educause itself doesn't operate in the CA space. After it has vetted an institution for a .edu domain, the process for validating that institution's identity is already shortcut, is it not? (I apologize if this is a FAQ. I've been unable to access the listserve.educause.edu site to research the archives for some reason.) Best wishes, Michael A. Smith Web & Digital / Academic Technologies Manager Nazareth College
Current thread:
- SSL scaling Michael A. Smith (Jun 15)
- Re: SSL scaling Julian Y Koh (Jun 15)
- Re: SSL scaling Jay Fowler (Jun 15)
- Re: SSL scaling Dexter Caldwell (Jun 15)
- Re: SSL scaling John Ladwig (Jun 15)
- Re: SSL scaling Flynn, Gary - flynngn (Jun 15)
- Re: SSL scaling Jay Fowler (Jun 15)
- Re: SSL scaling Frazier, William S [ITSYS] (Jun 15)
- Re: SSL scaling John Ladwig (Jun 15)
- Re: SSL scaling Frazier, William S [ITSYS] (Jun 15)
- Re: SSL scaling King, Ronald A. (Jun 15)
- Re: SSL scaling Jack Suess (Jun 15)
- Re: SSL scaling Hubert, Wesley R (Jun 16)
- Re: SSL scaling Michael Fertig (Jun 17)
- Re: SSL scaling Kevin Halgren (Jun 21)
- Re: SSL scaling Jack Suess (Jun 17)
- Re: SSL scaling Michael Fertig (Jun 17)