Educause Security Discussion mailing list archives
Re: SSL scaling
From: Jack Suess <jack () UMBC EDU>
Date: Wed, 15 Jun 2011 16:28:12 -0400
I sent the message below to the CIO list a week ago. I will be doing a webinar on the CERT service on June 29th at 3pm. https://spaces.internet2.edu/display/InCCollaborate/2011/06/13/Certificate+Service+Informational+Webinar+June+29 jack suess ========== Message to the CIO list ================================= I want to encourage my colleagues to take a look at the InCommon Certificate offering. http://www.incommon.org/cert/ We launched this last June and signed up 109 schools in the first year. Here is the list of schools signed up http://www.incommon.org/cert/subscribers.cfm. Feel free to talk to any colleagues you know at these schools to see if this is right for your institution. InCommon has gone through a learning curve in rolling this out but it has greatly benefited higher ed, whether you use the service or not, by changing the pricing point for SSL certificates in higher education. I have heard of large campuses with savings approaching 100K just for what they use to pay for SSL certificates. This leverages the Comodo certificate services and is based on what has been in European higher education under the umbrella of Terena. It provides unlimited SSL certificates, EV certificates, and unlimited personal and device certificates. We are going to be rolling out the personal certificate program later this summer with effective practices for how you can really benefit from the personal certificate offering in terms of mobile authentication, VPN access, 802.1x support, digital signatures. The pricing is based on your carnegie classification and ranges from $1500 to $20,000. You do need to join InCommon as part of this but almost all schools still have savings from the certificate service to cover that cost. http://www.incommon.org/cert/cert_fee.html . As a disclaimer, I'm on the InCommon Steering Committee that oversees InCommon. As representatives of the broader community we always want to hear your feedback and try to make sure our services are meeting the communities needs. Regards, Jack Suess On Jun 15, 2011, at 11:47 AM, Michael A. Smith wrote:
We currently use a vended managed PKI portal that allows us to issue SSL certs to internal customers when they roll out a website, but its costs increase almost linearly with the size of our web portfolio. With the way the web is moving, I don't think this linear growth is sustainable. What solutions are in place and recommended among small to medium institutions for managing SSL certificates? Is a wild card cert the only way to manage this growth? I confess when I first moved to Higher Ed I was surprised to find that Educause itself doesn't operate in the CA space. After it has vetted an institution for a .edu domain, the process for validating that institution's identity is already shortcut, is it not? (I apologize if this is a FAQ. I've been unable to access the listserve.educause.edu site to research the archives for some reason.) Best wishes, Michael A. Smith Web & Digital / Academic Technologies Manager Nazareth College
Jack Suess UMBC VP of IT & CIO jack () umbc edu 1000 Hilltop Circle 410.455.2582 Baltimore Md, 21250 Homepage: http://bit.ly/fSB5ID Blog: http://bit.ly/felhWd
Attachment:
smime.p7s
Description:
Current thread:
- SSL scaling Michael A. Smith (Jun 15)
- Re: SSL scaling Julian Y Koh (Jun 15)
- Re: SSL scaling Jay Fowler (Jun 15)
- Re: SSL scaling Dexter Caldwell (Jun 15)
- Re: SSL scaling John Ladwig (Jun 15)
- Re: SSL scaling Flynn, Gary - flynngn (Jun 15)
- Re: SSL scaling Jay Fowler (Jun 15)
- Re: SSL scaling Frazier, William S [ITSYS] (Jun 15)
- Re: SSL scaling John Ladwig (Jun 15)
- Re: SSL scaling Frazier, William S [ITSYS] (Jun 15)
- Re: SSL scaling King, Ronald A. (Jun 15)
- Re: SSL scaling Jack Suess (Jun 15)
- Re: SSL scaling Hubert, Wesley R (Jun 16)
- Re: SSL scaling Michael Fertig (Jun 17)
- Re: SSL scaling Kevin Halgren (Jun 21)
- Re: SSL scaling Jack Suess (Jun 17)
- Re: SSL scaling Andy Hooper (Jun 20)
- Re: SSL scaling Michael Fertig (Jun 17)