Educause Security Discussion mailing list archives
Re: SSL Certificates
From: John Ladwig <John.Ladwig () CSU MNSCU EDU>
Date: Tue, 17 Mar 2009 22:23:29 -0500
Not to nitpick, but what qualifies as an "official" certifcate for such purposes? One from any CA distributed in commonly available browsers? (pretty much goes to user experience only, and keeps the "Türktrust Elektronic Sertifika Hizmet Saglyicisi" in the game) Any minimum service level for any such CA? (Uncommon, but possibly helpful, if you actually follow the trail and actually *read* the CA's CPS for that certificate level, and ctually read, understand, and agree to it - like *that* ever happens) EV-SSL, or no? -jml
"Rowe, Ken" <kenrowe () UILLINOIS EDU> 03/17/09 6:12 PM >>>
Web servers running in operational (not development) environment must have an official certificate. We would not allow a trial certificate, especially when dealing with (HIPAA-restricted?) sensitive data. Ken. == Ken Rowe Director of Enterprise Systems Assurance and Information Security University Office of Administrative Information Technology Services University of Illinois 50 Gerty Drive, MC-673 Champaign, IL 61820 E kenrowe () uillinois edu O 217.265.0415 F 217.333.6991 -----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv on behalf of Mclaughlin, Kevin (mclaugkl) Sent: Tue 3/17/2009 2:18 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] SSL Certificates How are the rest of you dealing with this type of request? Are there any inherent risks with approving these types of requests? =============================================================== Hello, Kevin Mclaughlin, I am sending this email to ask your help in the approval of our trial SSL certificate application. We have applied a trial SSL certificate from ipsCA (http://certs.ipsca.com<http://certs.ipsca.com/>) for our web site http://XXX<http://xxx/>, which will provide online clinical data collection function for Translational research ===================================================================== Thanks, -Kevin Kevin L. McLaughlin, CISM, CISSP, GIAC-GSLC, PMP, ITIL Master Certified Assistant Vice President, Information Security & Special Projects University of Cincinnati 513-556-9177
Current thread:
- SSL Certificates Mclaughlin, Kevin (mclaugkl) (Mar 17)
- <Possible follow-ups>
- Re: SSL Certificates Rowe, Ken (Mar 17)
- Re: SSL Certificates Jeff Giacobbe (Mar 17)
- Re: SSL Certificates Consolvo, Corbett D (Mar 17)
- Re: SSL Certificates John Ladwig (Mar 17)
- Re: SSL Certificates Gary Flynn (Mar 18)
- Re: SSL Certificates Brian Epstein (Mar 18)
- Re: SSL Certificates Ryan Fox (Mar 18)
- Re: SSL Certificates Charlie Prothero (Mar 18)
- Re: SSL Certificates Eric Torgersen (Mar 18)
- Re: SSL Certificates Doug Hoffman (Mar 18)
- Re: SSL Certificates Steven Tardy (Mar 18)
- Re: SSL Certificates Cal Frye (Mar 19)