[unisog] IPSCA free SSL certificates

Les Ault aultl at utk.edu
Thu Aug 23 12:25:17 GMT 2007


I just finished getting two certs, virtually pain free. One was for our 
.edu domain and the entire request and delivery of cert was completed in 
less than 24 hours.

The other cert was for a .info domain and it took the better part of 72 
hours to get. I made the request and received a message stating they 
needed to verify the domain and the cert would be delayed. Once the 
"cert approval" message was sent to the domain contact (Day 2.5), I had 
the cert in about 12 hours.

One cert was on IIS6 and I had to load the IPSca chain cert (downloaded 
from the IPSca site) into Internet Explorer on that server before client 
browsers stop complaining. The other cert was put on Apache and after 
installing the chain cert there everything worked.

I would use them again in the future.

John Kemp wrote:
> Russell Fulton wrote:
>   
>> IPSCA (www.ipsca.com) offers free SSL certs to universities.   The
>> system works fine if you have a .edu domain but, inspite of repeated
>> assurances that we are elligible, I have not been able to get a free
>> certificate.
>>
>> If the dn is in .edu you select 'free educational cert' as payment
>> option and presumably everything works.  When I select 'free educational
>> cert' I get a free 3months evaluation certificate. 
>>
>> Email to support at ipsca.com elicits the response "We need to check your
>> website to make sure it is an educational site".  Fair enough but
>> requests for them to do have so far failed to get a response.  On at
>> least two occasions I have asked for explicit instructions on what I
>> need to do to get these certificates but all I have ever got back is the
>> "We need to check...".
>>
>> Has anyone out side .edu managed to get one of these certificates?  How
>> did you do it.
>>
>> BTW the 3 months certificate I did get worked absolutely fine, until it
>> expired ;)
>>
>> Cheers, Russell
>>
>> Russell Fulton, ISO, The University of Auckland
>>
>> _______________________________________________
>> unisog mailing list
>> unisog at lists.dshield.org
>> https://lists.sans.org/mailman/listinfo/unisog
>>
>>   
>>     
>
> So what did you think?
>
> My concern on this one was that I expected that by default IPSCA would 
> not be
> in the root CA caches on most client machines.  Are you seeing that as 
> the case?
>
> Other concerns?  Anyone else with suggestions for better alternatives to 
> Thawte/Verisign
> for public certificates?
>
> John Kemp (kemp at ns.uoregon.edu)
>
> _______________________________________________
> unisog mailing list
> unisog at lists.dshield.org
> https://lists.sans.org/mailman/listinfo/unisog
>
>   

-- 
Les Ault <aultl at utk.edu>
Linux Systems Administrator, NT-UNIX Systems Group
University Information Systems
University of Tennessee, Knoxville
P: 865-974-1640

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3221 bytes
Desc: S/MIME Cryptographic Signature
Url : http://lists.sans.org/pipermail/unisog/attachments/20070823/f5ddd5dd/attachment.bin 


More information about the unisog mailing list