Educause Security Discussion mailing list archives

Previous By Date Next
Previous By Thread Next

Re: SSL scaling

From: Jay Fowler <fowler () CSUFRESNO EDU>
Date: Wed, 15 Jun 2011 13:40:46 -0700


----- Original Message -----


From: "John Ladwig" <John.Ladwig () CSU MNSCU EDU> 
To: SECURITY () LISTSERV EDUCAUSE EDU 
Sent: Wednesday, June 15, 2011 12:33:28 PM 
Subject: Re: [SECURITY] SSL scaling 

InCommon seems to be operating as a reseller of Comodo certs, which implies that they may chain back to top-level CAs 
recognized by common browsers and operating systems. 

I disremember what Ipsca offers, in terms of broad recognition. 

It'd be a kindness if someone could refresh us on the need or absence of need to do local browser-cert installation to 
take advantage of these lower-cost services. 

With InCommon, you log into their web site, submit the CSR and they email links to the signed, intermediate and root 
certs. The turn around time has been on the order of a few minutes to a couple hours. The intermediate cert is from 
InCommon, issued by Comodo. The application needing a certificate will need to know about the intermediate and possibly 
the root CA cert, but client browsers and operating systems seem to already have the root CA. And because clients have 
the root CA, the end user is not being being prompted to install untrusted certs. 

Jay
Previous By Date Next
Previous By Thread Next

Current thread: