[unisog] Certificate Authority set-up for your schools?

Russell Fulton r.fulton at auckland.ac.nz
Wed Oct 9 03:29:31 GMT 2002


On Wed, 2002-10-09 at 11:03, Christopher A Bongaarts wrote:
> As Jerry A. Copus once put it so eloquently:
> 
> > We're on the verge of purchasing a certificate for our domain from Thawte 
> > so we can start implementing some SSL with a pre-established trusted root. 

Err... I enquired about this yesterday and was told that Thawte only old
SMIME chaining certificates.  Mind you I deal with the bods in South
Africa, may be the US part of the organization is different.  In any
case I would like to hear the details so I can tell my sales rep.

[snip ]
> 
> For certs that will be visible on a large scale, such as web server
> certs, IMAPS/POPS certs, etc., we use Thawte's SPKI program, where we
> actually do the approval for certs issued for our domain(s).  This has 
> worked well for us, although recently they redesigned the program so
> it is not as convenient in some ways.  This is nice because the certs
> are recognized by pretty much every browser out-of-the-box, with no
> user education or root CA importation involved.  The discount is
> substantial (you effectively buy in bulk in advance and "spend" to
> issue or renew certs), and we can bill using our internal campus
> accounting system.

We do this too.  I've also been bitching to them about the new setup
which forces me (as NSO) to do stuff that I could delegate to SAs under
the old system.  Our account rep acknowledged that others had complained
about the changes and promised to inform management.  So if you are
Thawte customers and you don't like the new features then complain,
something just might happen.


-- 
Russell Fulton, Computer and Network Security Officer
The University of Auckland,  New Zealand

"It aint necessarily so"  - Gershwin



More information about the unisog mailing list