Educause Security Discussion mailing list archives

Previous By Date Next
Previous By Thread Next

Re: ipsCA and free .edu certs

From: "Lovaas,Steven" <Steven.Lovaas () COLOSTATE EDU>
Date: Wed, 14 Feb 2007 08:20:29 -0700
Mike,

Your concerns are well-founded, and I wouldn't suggest using these certs for
e-commerce or critical public systems, for the reasons you outline. On the
other hand, they allow HTTPS to function on internal systems, giving the
assurance that traffic is encrypted, and they're trusted by more browsers
than a self-signed cert. So they make a lot of sense for many applications.

We have a policy that development and internal-only systems can use ipscsa
certs, but outward-facing systems have to purchase one from our contract
with a commercial provider.

Steve 


==============================================
Steven Lovaas, MSIA, CISSP
Network Security Manager
Academic Computing & Network Services
Colorado State University
970-297-3707
Steven.Lovaas () ColoState EDU
============================================ 
-----Original Message-----
From: Mike Wiseman [mailto:mike.wiseman () UTORONTO CA] 
Sent: Tuesday, February 13, 2007 5:11 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] ipsCA and free .edu certs

I've been looking into these also. I am wondering about the low prices - you
know - if it sounds too good to be true... From a technical point of view,
the root cert uses 1024 bit keys which is a bit low for a root. Also, the
root expires in 2009 which introduces uncertainty for me as a reseller to my
campus - am I going to have to switch CAs in a year? Perhaps the most
troubling is their verification process - the registrant of the domain name
gets a cert with no further checking. So any of these marketers who buy
permutations of legitimate domain names can easily get a cert for it, for
example, in the case of my institution's domain 'utoornto.ca'. I'm hesitant
to support this kind of service.

Mike


Mike Wiseman
Computing and Networking Services
University of Toronto





Hi Rob, I believed this topic was posted here before. Below was my 
response. You may want to query the archive list for more info on this 
topic. Also, in my email below is the email from the vendor stated 
that you can have free wildcard cert too. My webmail cert works fine 
with safari, firefox, ie and konqueror.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Vuong Phung
Operating Systems Administrator
College of Science - Dean's Office

San Jose State University
One Washington Square
San Jose, CA 95192-0099
Duncan Hall 33

Tel 1.408.924.5056
Fax 1.408.924.5033
Web https://ncs.science.sjsu.edu/helpdesk
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

-----Original Message-----
From: Vuong Phung
Sent: Friday, November 17, 2006 7:49 AM
To: 'The EDUCAUSE Security Discussion Group Listserv'
Subject: RE: [SECURITY] Free SSL certs for .edu by company included in 
browser lists


We've been using their certs since last year and they work great on 
both IIS and Apache. Wildcard is free for edu according to the 
response that I got last year from their tech support. You can check 
out our webmail ssl site below, we also use their ssl for our webdav 
connection. The process to get the cert is fast too. Vuong

https://epsilon.science.sjsu.edu/exchange



-----Original Message-----
From: Rodolfo Lomascolo [mailto:r.lomascolo () ipsca com]
Sent: Thursday, July 07, 2005 8:34 AM
To: 'Vuong Phung'
Cc: support () ipsca com
Subject: RE: Signed Certificate : epsilon.science.sjsu.edu


Dear Mr Phung,

The free edu ssl is always free, and it will continue to be like this.

The wildcard for edu is also free.

BR

***********************************************************
Rodolfo Lomascolo r.lomascolo () ipsca com
Tel: + 34 91 640 20 52  Movil: + 34 609 30 25 13 ipsCA, Edificio ECU, 
ctra Coruña km 23,200 28290 -  ParqueRozas - Madrid - Spain
http://certs.ipsca.com       http://www.ipsca.com
***********************************************************

-----Mensaje original-----
De: Vuong Phung [mailto:vphung () science sjsu edu] Enviado el: jueves, 
07 de julio de 2005 17:30
Para: 'r.lomascolo () mail ips es'
Asunto: RE: Signed Certificate : epsilon.science.sjsu.edu


Dear Customer Service,

I would like to know how much it will cost to extend .EDU ssl license 
after
2 years free. Also, do you have wildcard ssl license for .EDU and how 
much does it cost??? Thanks!


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Vuong Phung
Operating Systems Administrator
College of Science - Dean's Office

San Jose State University
One Washington Square
San Jose, CA 95192-0099
Duncan Hall 33

Tel 1.408.924.5056
Fax 1.408.924.5033
Web http://ncs.science.sjsu.edu/helpdesk
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


-----Original Message-----
From: Gary Flynn [mailto:flynngn () JMU EDU]
Sent: Friday, November 17, 2006 6:51 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Free SSL certs for .edu by company included in 
browser lists


Anyone using these folks or know anything about them:

http://certs.ipsca.com/

They also advertise wild card certs with no limit on hosts for 
$276.00/year.

http://certs.ipsca.com/Products/ipsca_ssl_Wildcard_certificates.ASP



--
Gary Flynn
Security Engineer
James Madison University
www.jmu.edu/computing/security
-----Original Message-----
From: Rob Tanner [mailto:rtanner () LINFIELD EDU]
Sent: Tuesday, February 13, 2007 1:21 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] ipsCA and free .edu certs


Hi folks,

It was recently brought to my attention that ipsCA offers free 2 year
256 bit SSL certificates for educational institutions (in the .edu 
domain).  Does anybody have any experience with them?  I note that 
their root cert is bundled into Firefox, but does anyone know  about 
IE or Safari?  Is there a limit to the number of certificates?

Thanks,
Rob


--
Rob Tanner
UNIX Services Manager
Linfield College, McMinnville OR

Attachment: smime.p7s
Description:

Previous By Date Next
Previous By Thread Next

Current thread: