Educause Security Discussion mailing list archives

Re: SSL Certificates


From: John Ladwig <John.Ladwig () CSU MNSCU EDU>
Date: Tue, 17 Mar 2009 22:23:29 -0500

Not to nitpick, but what qualifies as an "official" certificate for such
purposes?

One from any CA distributed in commonly available browsers?  (pretty
much goes to user experience only, and keeps the "Türktrust Elektronic
Sertifika Hizmet Saglyicisi" in the game)

Any minimum service level for any such CA? (Uncommon, but possibly
helpful, if you actually follow the trail and actually *read* the CA's
CPS for that certificate level, and actually read, understand, and agree
to it - like *that* ever happens)

EV-SSL, or no?

   -jml

"Rowe, Ken" <kenrowe () UILLINOIS EDU> 03/17/09 6:12 PM >>>
Web servers running in operational (not development) environment must
have an official certificate.
We would not allow a trial certificate, especially when dealing with
(HIPAA-restricted?) sensitive data.

Ken.
== 
Ken Rowe
Director of Enterprise Systems Assurance and Information Security
University Office of Administrative Information Technology Services
University of Illinois
50 Gerty Drive, MC-673
Champaign, IL 61820
E kenrowe () uillinois edu
O 217.265.0415
F 217.333.6991
-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv on behalf of
Mclaughlin, Kevin (mclaugkl)
Sent: Tue 3/17/2009 2:18 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] SSL Certificates
 
How are the rest of you dealing with this type of request?  Are there
any inherent risks with approving these types of requests?

===============================================================
Hello, Kevin Mclaughlin,

I am sending this email to ask your help in the approval of our trial
SSL certificate application.

We have applied for a trial SSL certificate from ipsCA
(http://certs.ipsca.com) for our web site
http://XXX, which will provide online clinical data
collection function for Translational research

=====================================================================
Thanks,
-Kevin

Kevin L. McLaughlin,  CISM, CISSP, GIAC-GSLC, PMP, ITIL Master Certified
Assistant Vice President, Information Security & Special Projects
University of Cincinnati
513-556-9177
