+ Post New Thread
Page 3 of 3 FirstFirst 123
Results 31 to 41 of 41
Windows Thread, ipsCA Global CA Root in Technical; Originally Posted by ful56_uk I installed the new root ca on our tmg box but till get the problem the ...
  1. #31

    Theblacksheep's Avatar
    Join Date
    Feb 2008
    Location
    In a house.
    Posts
    1,876
    Thank Post
    127
    Thanked 279 Times in 204 Posts
    Rep Power
    164
    Quote Originally Posted by ful56_uk View Post
    I installed the new root ca on our tmg box but till get the problem the cert has been revoked. This is a right bloody pain

    any know were you can get cheap ssl wild card certs?
    IPCSA cert working here too.

    On exchange 2003 and Forefront UAG 2010 (TMG components), the cert is working on both of those.

    Have you whitelisted the CRLs listed in the cert on your proxy??

  2. #32
    OverWorked's Avatar
    Join Date
    Jul 2005
    Location
    N. Yorks
    Posts
    1,003
    Thank Post
    195
    Thanked 42 Times in 34 Posts
    Rep Power
    29
    I looked at GoDaddy and RapidSSL, after IpsCA revoked their cert. I went with rapidSSL in the end. They were quick, easy to install, and cheap.

    The one month freeSSL was a bit harder to set up as it involved an automated telephone authentication stage.

    Mmmm... I've just looked at RapidSSL again whilst typing this, and their prices are much higher than I paid (was about 15, now 49 per year). Either they've put their prices up, or I got an education discount.

  3. #33
    grahamd22's Avatar
    Join Date
    Aug 2007
    Location
    Wallington, Surrey
    Posts
    60
    Thank Post
    9
    Thanked 1 Time in 1 Post
    Rep Power
    0
    I've got our certificate from ipsca but I asked for one for The Warwick School, should I have asked for one for https://webmail.warwick.surrey.sch.uk as its saying the cert is not valid?

  4. #34
    ful56_uk's Avatar
    Join Date
    Mar 2008
    Location
    Essex
    Posts
    534
    Thank Post
    104
    Thanked 23 Times in 21 Posts
    Rep Power
    17
    yeah you need to ask one for the webmail site or wild card the ssl request then you can do all your domains.

  5. #35

    Theblacksheep's Avatar
    Join Date
    Feb 2008
    Location
    In a house.
    Posts
    1,876
    Thank Post
    127
    Thanked 279 Times in 204 Posts
    Rep Power
    164
    Quote Originally Posted by grahamd22 View Post
    I've got our certificate from ipsca but I asked for one for The Warwick School, should I have asked for one for https://webmail.warwick.surrey.sch.uk as its saying the cert is not valid?
    You should get *.warwick.surrey.sch.uk


    Exchange 2003 will accept this cert.

    Exchange 2007/2010 will require a UC cert (cost about 150 a year), unless you protect it with something like UAG where you can ignore internal certs.

  6. #36
    grahamd22's Avatar
    Join Date
    Aug 2007
    Location
    Wallington, Surrey
    Posts
    60
    Thank Post
    9
    Thanked 1 Time in 1 Post
    Rep Power
    0
    It looks like you have to pay for a wildcard. It didn't like webmail.warwick.surrey.sch.uk as it dodn't recognise it as our domian name, here was the response:

    SSL Server Certificate Request Denied for: SERVER AND DOMAIN UNKNOWN

    Dear Mr/Mrs Davis, Graham

    Your SSL Certificate Request has been denied for the following reason:

    Your CSR file information cannot be read.

    Possible reasons are:

    1.- You did not paste a correct formated Base64 CSR file.

    2.- You did not paste the complete CSR Text or you did not include the full BEGIN and END lines with all dashes.

    3.- You included characters not allowed in the request.

    Please make sure that the COMMON NAME (CN) in your CSR is the Fully-Qualified Domain Name (example: IndexPortada ) of your OWN Server, or if it is an intranet server, use the network name of your server.


    What now?

  7. #37
    grahamd22's Avatar
    Join Date
    Aug 2007
    Location
    Wallington, Surrey
    Posts
    60
    Thank Post
    9
    Thanked 1 Time in 1 Post
    Rep Power
    0
    Right the wildcard works on the server, lets hope we don't get a sneaky bill through the post !!
    Which certs do I need to roll out via gpo and how as I now have :

    1. *.warwick.surrey.sch.uk
    2. ipsCALEVEL1.cer
    3. ipscaGlobal.cer

  8. #38
    OverWorked's Avatar
    Join Date
    Jul 2005
    Location
    N. Yorks
    Posts
    1,003
    Thank Post
    195
    Thanked 42 Times in 34 Posts
    Rep Power
    29
    Quote Originally Posted by OverWorked View Post
    I looked at GoDaddy and RapidSSL, after IpsCA revoked their cert. I went with rapidSSL in the end. They were quick, easy to install, and cheap.

    The one month freeSSL was a bit harder to set up as it involved an automated telephone authentication stage.

    Mmmm... I've just looked at RapidSSL again whilst typing this, and their prices are much higher than I paid (was about 15, now 49 per year). Either they've put their prices up, or I got an education discount.
    Update: I've just remembered I bought the RapidSSL certs through trustico. They're much cheaper that way at 14.70 per year, with discounts for longer term. Fast efficient service too.

  9. #39

    Join Date
    May 2006
    Location
    West Bromwich
    Posts
    2,184
    Thank Post
    299
    Thanked 211 Times in 181 Posts
    Rep Power
    55
    Are these guys still a valid SSL Cert company? Does any info get sent to them data-wise? I'm not entirely sure how SSL works. I would like to secure the connection between my VLE and the clients accessing it. i would also like to secure the connection on my website and webmail system.

  10. #40
    Trapper's Avatar
    Join Date
    Apr 2007
    Location
    Birmingham
    Posts
    1,057
    Thank Post
    69
    Thanked 117 Times in 94 Posts
    Rep Power
    83
    Another +1 for IPSCA here. Installed the cert for Sharepoint 2010 on IIS and ISA 2006 and all works fine in IE.

    They still haven't installed their root CA into Firefox's repository yet, well over a year since it was last discussed.

    Frankly I think the other cert vendors ought to follow this lead and allow free certs for educational establishments. We are not using the cert to facilitate eCommerce to make money. We use it to secure student data for teaching. A non commerical, not for profit free educational cert should be mandatory.

    I used to use StartCOM at home when using Exchange. However they need to send the validation email to your TLD. Which in my cast is either hostmaster/postmaster/administrator@bham.sch.uk. I did ask back at my old school whether they'd pass the emails on so I could a free one for portal.school.bham.sch.uk but they refused. I assume they believed I could then issue certs for all schools under the TLD.

    I didn't realise you could get a wildcard cert from IPSCA. I just choose portal.schoolname.bham.sch.uk. Frankly with ISA you can push everything through on one address anyway.

    Anyway no more cert errors!

    I do miss the old days of self signing. It was frankly funny to hear a friend tell me about when she was scammed. She said that the website had the "Padlock" icon to say it was secure, so how did she get scammed? I told her that her credit card details were sent securely, just direct to the scammers! I assume thats why in IE7+ self signing certs give errors.
    Last edited by Trapper; 30th May 2011 at 04:52 PM. Reason: Removed school name. Dang AUP.

  11. #41
    Trapper's Avatar
    Join Date
    Apr 2007
    Location
    Birmingham
    Posts
    1,057
    Thank Post
    69
    Thanked 117 Times in 94 Posts
    Rep Power
    83

  12. Thanks to Trapper from:

    SYNACK (17th June 2011)

SHARE:
+ Post New Thread
Page 3 of 3 FirstFirst 123

Similar Threads

  1. Cannot log in as root
    By Teth in forum *nix
    Replies: 3
    Last Post: 30th November 2007, 02:37 PM
  2. Forest Root concerns
    By u8dmtm in forum Wireless Networks
    Replies: 1
    Last Post: 13th December 2006, 11:43 AM
  3. Root Kits
    By tickmike in forum Windows
    Replies: 3
    Last Post: 15th November 2006, 11:00 PM
  4. Now they want my server root password.
    By tickmike in forum General Chat
    Replies: 29
    Last Post: 9th September 2006, 11:23 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •