Educause Security Discussion mailing list archives

Re: SSL scaling

From: "Frazier, William S [ITSYS]" <frazier () IASTATE EDU>
Date: Wed, 15 Jun 2011 14:39:59 -0500

I have no idea whether the costs are acceptable for you or not, but have you considered the InCommon Certificate 
Service.  We found that the cost was a substantial saving over our previous solution.  Granted, we were already 
InCommon member, but I believe the savings would have been significant even factoring in membership.

One major benefit of the service is that it is geared to higher ed.

Bill
------------------------------------------------------------------
Bill Frazier                                 frazier () iastate edu
Unix OS, Apps, Evolving Technologies Lead   voice: (515) 294-8620
Iowa State University                        fax:   (515) 294-1717
Information Technology Services, 251 Durham, Ames, Iowa 50011-2251



From: Dexter Caldwell <Dexter.Caldwell () FURMAN EDU<mailto:Dexter.Caldwell () FURMAN EDU>>
Reply-To: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () 
LISTSERV EDUCAUSE EDU>>
Date: Wed, 15 Jun 2011 14:12:31 -0500
To: "SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>" <SECURITY () LISTSERV EDUCAUSE 
EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>>
Subject: Re: [SECURITY] SSL scaling


You could consider Ipsca's free for 2yr certs for education or some other cheap vendor.   Or you can consider wildcards 
ir your own pki.   The latter of course is a whole other issue to manage.
Dexter

The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV 
EDUCAUSE EDU>> writes:
We currently use a vended managed PKI portal that allows us to issue SSL certs to internal customers when they roll out 
a website, but its costs increase almost linearly with the size of our web portfolio. With the way the web is moving, I 
don't think this linear growth is sustainable. What solutions are in place and recommended among small to medium 
institutions for managing SSL certificates? Is a wild card cert the only way to manage this growth?

I confess when I first moved to Higher Ed I was surprised to find that Educause itself doesn't operate in the CA space. 
After it has vetted an institution for a .edu domain, the process for validating that institution's identity is already 
shortcut, is it not?

(I apologize if this is a FAQ. I've been unable to access the listserve.educause.edu site to research the archives for 
some reason.)

Best wishes,
Michael A. Smith
Web & Digital / Academic Technologies Manager
Nazareth College

Current thread:

SSL scaling Michael A. Smith (Jun 15)
- Re: SSL scaling Julian Y Koh (Jun 15)
- Re: SSL scaling Jay Fowler (Jun 15)
- Re: SSL scaling Dexter Caldwell (Jun 15)
  - Re: SSL scaling John Ladwig (Jun 15)
    - Re: SSL scaling Flynn, Gary - flynngn (Jun 15)
    - Re: SSL scaling Jay Fowler (Jun 15)
    - Re: SSL scaling Frazier, William S [ITSYS] (Jun 15)
  - Re: SSL scaling Frazier, William S [ITSYS] (Jun 15)
    - Re: SSL scaling King, Ronald A. (Jun 15)
- Re: SSL scaling Jack Suess (Jun 15)
- Re: SSL scaling Hubert, Wesley R (Jun 16)
  - Re: SSL scaling Michael Fertig (Jun 17)
    - Re: SSL scaling Kevin Halgren (Jun 21)
  - Re: SSL scaling Jack Suess (Jun 17)
    - Re: SSL scaling Andy Hooper (Jun 20)