Educause Security Discussion mailing list archives

Previous By Date Next
Previous By Thread Next

Re: SSL scaling

From: Jack Suess <jack () UMBC EDU>
Date: Wed, 15 Jun 2011 16:28:12 -0400
I sent the message below to the CIO list a week ago. I will be doing a webinar on the CERT service on  June 29th at 3pm.

https://spaces.internet2.edu/display/InCCollaborate/2011/06/13/Certificate+Service+Informational+Webinar+June+29 

jack suess


==========    Message to the CIO list   =================================
I want to encourage my colleagues to take a look at the InCommon Certificate offering.  

http://www.incommon.org/cert/

We launched this last June and signed up 109 schools in the first year.  Here is the list of schools signed up 

http://www.incommon.org/cert/subscribers.cfm.   

Feel free to talk to any colleagues you know at these schools  to see if this is right for your institution.

InCommon has gone through a learning curve in rolling this out but it has greatly benefited higher ed, whether you use 
the service or not, by changing the pricing point for SSL certificates in higher education. I have heard of large 
campuses with savings approaching 100K just for what they use to pay for SSL certificates. 

This leverages the Comodo certificate services and is based on what has been in European higher education under the 
umbrella of Terena. It provides unlimited SSL certificates, EV certificates, and unlimited personal and device 
certificates. We are going to be rolling out the personal certificate program later this summer with effective 
practices for how you can really benefit from the personal certificate offering in terms of mobile authentication, VPN 
access, 802.1x support, digital signatures.

The pricing is based on your carnegie classification and ranges from $1500 to $20,000. You do need to join InCommon as 
part of this but almost all schools still have savings from the certificate service to cover that cost.

http://www.incommon.org/cert/cert_fee.html  .

As a disclaimer, I'm on the InCommon Steering Committee that oversees InCommon. As representatives of the broader 
community we always want to hear your feedback and try to make sure our services are meeting the communities needs. 

Regards,

Jack Suess



On Jun 15, 2011, at 11:47 AM, Michael A. Smith wrote:


We currently use a vended managed PKI portal that allows us to issue SSL certs to internal customers when they roll 
out a website, but its costs increase almost linearly with the size of our web portfolio. With the way the web is 
moving, I don't think this linear growth is sustainable. What solutions are in place and recommended among small to 
medium institutions for managing SSL certificates? Is a wild card cert the only way to manage this growth?

I confess when I first moved to Higher Ed I was surprised to find that Educause itself doesn't operate in the CA 
space. After it has vetted an institution for a .edu domain, the process for validating that institution's identity 
is already shortcut, is it not?

(I apologize if this is a FAQ. I've been unable to access the listserve.educause.edu site to research the archives 
for some reason.)

Best wishes,
Michael A. Smith
Web & Digital / Academic Technologies Manager
Nazareth College


Jack Suess            UMBC VP of IT & CIO
jack () umbc edu    1000 Hilltop Circle
410.455.2582     Baltimore Md, 21250
Homepage:      http://bit.ly/fSB5ID
Blog:                 http://bit.ly/felhWd

Attachment: smime.p7s
Description:

Previous By Date Next
Previous By Thread Next

Current thread: