Educause Security Discussion mailing list archives
Re: SSL scaling
From: "Frazier, William S [ITSYS]" <frazier () IASTATE EDU>
Date: Wed, 15 Jun 2011 16:30:24 -0500
Be aware that many certificate providers are having to introduce new intermediate Cas in order to meet increasingly stringent security standards. This is true of Comodo as well as others. This means that an intermediate certificate may need to be installed on servers and on client platforms that do not receive browser cert file updates. Users of current browsers, however, do not need to do anything. With the Comodo certs issued under the InCommon rubric, the intermediate is included in the certificate bundle for each cert issued. Fees for the institution, by the way, are based on the Carnegie Classification and are a fixed annual amount not connected tmber of certs issued. Bill ------------------------------------------------------------------ Bill Frazier frazier () iastate edu Unix OS, Apps, Evolving Technologies Lead voice: (515) 294-8620 Iowa State University fax: (515) 294-1717 Information Technology Services, 251 Durham, Ames, Iowa 50011-2251 From: Jay Fowler <fowler () CSUFRESNO EDU<mailto:fowler () CSUFRESNO EDU>> Reply-To: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>> Date: Wed, 15 Jun 2011 15:40:46 -0500 To: "SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>" <SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>> Subject: Re: [SECURITY] SSL scaling ________________________________ From: "John Ladwig" <John.Ladwig () CSU MNSCU EDU<mailto:John.Ladwig () CSU MNSCU EDU>> To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU> Sent: Wednesday, June 15, 2011 12:33:28 PM Subject: Re: [SECURITY] SSL scaling InCommon seems to be operating as a reseller of Comodo certs, which implies that they may chain back to top-level CAs recognized by common browsers and operating systems. I disremember what Ipsca offers, in terms of broad recognition. It'd be a kindness if someone could refresh us on the need or absence of need to do local browser-cert installation to take advantage of these lower-cost services. With InCommon, you log into their web site, submit the CSR and they email links to the signed, intermediate and root certs. The turn around time has been on the order of a few minutes to a couple hours. The intermediate cert is from InCommon, issued by Comodo. The application needing a certificate will need to know about the intermediate and possibly the root CA cert, but client browsers and operating systems seem to already have the root CA. And because clients have the root CA, the end user is not being being prompted to install untrusted certs. Jay
Current thread:
- SSL scaling Michael A. Smith (Jun 15)
- Re: SSL scaling Julian Y Koh (Jun 15)
- Re: SSL scaling Jay Fowler (Jun 15)
- Re: SSL scaling Dexter Caldwell (Jun 15)
- Re: SSL scaling John Ladwig (Jun 15)
- Re: SSL scaling Flynn, Gary - flynngn (Jun 15)
- Re: SSL scaling Jay Fowler (Jun 15)
- Re: SSL scaling Frazier, William S [ITSYS] (Jun 15)
- Re: SSL scaling John Ladwig (Jun 15)
- Re: SSL scaling Frazier, William S [ITSYS] (Jun 15)
- Re: SSL scaling King, Ronald A. (Jun 15)
- Re: SSL scaling Jack Suess (Jun 15)
- Re: SSL scaling Hubert, Wesley R (Jun 16)
- Re: SSL scaling Michael Fertig (Jun 17)
- Re: SSL scaling Kevin Halgren (Jun 21)
- Re: SSL scaling Jack Suess (Jun 17)
- Re: SSL scaling Andy Hooper (Jun 20)
- Re: SSL scaling Michael Fertig (Jun 17)