+ Post New Thread
Page 3 of 3 FirstFirst 123
Results 31 to 41 of 41
Windows Thread, ipsCA Global CA Root in Technical; Originally Posted by ful56_uk I installed the new root ca on our tmg box but till get the problem the ...
  1. #31

    Theblacksheep's Avatar
    Join Date
    Feb 2008
    Location
    In a house.
    Posts
    1,935
    Thank Post
    138
    Thanked 290 Times in 210 Posts
    Rep Power
    193
    Quote Originally Posted by ful56_uk View Post
    I installed the new root ca on our tmg box but till get the problem the cert has been revoked. This is a right bloody pain

    any know were you can get cheap ssl wild card certs?
    IPCSA cert working here too.

    On exchange 2003 and Forefront UAG 2010 (TMG components), the cert is working on both of those.

    Have you whitelisted the CRLs listed in the cert on your proxy??

  2. #32
    OverWorked's Avatar
    Join Date
    Jul 2005
    Location
    N. Yorks
    Posts
    1,014
    Thank Post
    198
    Thanked 42 Times in 34 Posts
    Rep Power
    30
    I looked at GoDaddy and RapidSSL, after IpsCA revoked their cert. I went with rapidSSL in the end. They were quick, easy to install, and cheap.

    The one month freeSSL was a bit harder to set up as it involved an automated telephone authentication stage.

    Mmmm... I've just looked at RapidSSL again whilst typing this, and their prices are much higher than I paid (was about £15, now £49 per year). Either they've put their prices up, or I got an education discount.

  3. #33
    grahamd22's Avatar
    Join Date
    Aug 2007
    Location
    Wallington, Surrey
    Posts
    69
    Thank Post
    11
    Thanked 1 Time in 1 Post
    Rep Power
    0
    I've got our certificate from ipsca but I asked for one for The Warwick School, should I have asked for one for https://webmail.warwick.surrey.sch.uk as its saying the cert is not valid?

  4. #34
    ful56_uk's Avatar
    Join Date
    Mar 2008
    Location
    Essex
    Posts
    562
    Thank Post
    105
    Thanked 25 Times in 22 Posts
    Rep Power
    19
    yeah you need to ask one for the webmail site or wild card the ssl request then you can do all your domains.

  5. #35

    Theblacksheep's Avatar
    Join Date
    Feb 2008
    Location
    In a house.
    Posts
    1,935
    Thank Post
    138
    Thanked 290 Times in 210 Posts
    Rep Power
    193
    Quote Originally Posted by grahamd22 View Post
    I've got our certificate from ipsca but I asked for one for The Warwick School, should I have asked for one for https://webmail.warwick.surrey.sch.uk as its saying the cert is not valid?
    You should get *.warwick.surrey.sch.uk


    Exchange 2003 will accept this cert.

    Exchange 2007/2010 will require a UC cert (cost about 150 a year), unless you protect it with something like UAG where you can ignore internal certs.

  6. #36
    grahamd22's Avatar
    Join Date
    Aug 2007
    Location
    Wallington, Surrey
    Posts
    69
    Thank Post
    11
    Thanked 1 Time in 1 Post
    Rep Power
    0
    It looks like you have to pay for a wildcard. It didn't like webmail.warwick.surrey.sch.uk as it dodn't recognise it as our domian name, here was the response:

    SSL Server Certificate Request Denied for: SERVER AND DOMAIN UNKNOWN

    Dear Mr/Mrs Davis, Graham

    Your SSL Certificate Request has been denied for the following reason:

    Your CSR file information cannot be read.

    Possible reasons are:

    1.- You did not paste a correct formated Base64 CSR file.

    2.- You did not paste the complete CSR Text or you did not include the full BEGIN and END lines with all dashes.

    3.- You included characters not allowed in the request.

    Please make sure that the COMMON NAME (CN) in your CSR is the Fully-Qualified Domain Name (example: IndexPortada ) of your OWN Server, or if it is an intranet server, use the network name of your server.


    What now?

  7. #37
    grahamd22's Avatar
    Join Date
    Aug 2007
    Location
    Wallington, Surrey
    Posts
    69
    Thank Post
    11
    Thanked 1 Time in 1 Post
    Rep Power
    0
    Right the wildcard works on the server, lets hope we don't get a sneaky bill through the post !!
    Which certs do I need to roll out via gpo and how as I now have :

    1. *.warwick.surrey.sch.uk
    2. ipsCALEVEL1.cer
    3. ipscaGlobal.cer

  8. #38
    OverWorked's Avatar
    Join Date
    Jul 2005
    Location
    N. Yorks
    Posts
    1,014
    Thank Post
    198
    Thanked 42 Times in 34 Posts
    Rep Power
    30
    Quote Originally Posted by OverWorked View Post
    I looked at GoDaddy and RapidSSL, after IpsCA revoked their cert. I went with rapidSSL in the end. They were quick, easy to install, and cheap.

    The one month freeSSL was a bit harder to set up as it involved an automated telephone authentication stage.

    Mmmm... I've just looked at RapidSSL again whilst typing this, and their prices are much higher than I paid (was about £15, now £49 per year). Either they've put their prices up, or I got an education discount.
    Update: I've just remembered I bought the RapidSSL certs through trustico. They're much cheaper that way at £14.70 per year, with discounts for longer term. Fast efficient service too.

  9. #39

    Join Date
    May 2006
    Location
    West Bromwich
    Posts
    2,191
    Thank Post
    299
    Thanked 215 Times in 185 Posts
    Rep Power
    56
    Are these guys still a valid SSL Cert company? Does any info get sent to them data-wise? I'm not entirely sure how SSL works. I would like to secure the connection between my VLE and the clients accessing it. i would also like to secure the connection on my website and webmail system.

  10. #40
    Trapper's Avatar
    Join Date
    Apr 2007
    Location
    Birmingham
    Posts
    1,209
    Thank Post
    74
    Thanked 147 Times in 119 Posts
    Rep Power
    93
    Another +1 for IPSCA here. Installed the cert for Sharepoint 2010 on IIS and ISA 2006 and all works fine in IE.

    They still haven't installed their root CA into Firefox's repository yet, well over a year since it was last discussed.

    Frankly I think the other cert vendors ought to follow this lead and allow free certs for educational establishments. We are not using the cert to facilitate eCommerce to make money. We use it to secure student data for teaching. A non commerical, not for profit free educational cert should be mandatory.

    I used to use StartCOM at home when using Exchange. However they need to send the validation email to your TLD. Which in my cast is either hostmaster/postmaster/administrator@bham.sch.uk. I did ask back at my old school whether they'd pass the emails on so I could a free one for portal.school.bham.sch.uk but they refused. I assume they believed I could then issue certs for all schools under the TLD.

    I didn't realise you could get a wildcard cert from IPSCA. I just choose portal.schoolname.bham.sch.uk. Frankly with ISA you can push everything through on one address anyway.

    Anyway no more cert errors!

    I do miss the old days of self signing. It was frankly funny to hear a friend tell me about when she was scammed. She said that the website had the "Padlock" icon to say it was secure, so how did she get scammed? I told her that her credit card details were sent securely, just direct to the scammers! I assume thats why in IE7+ self signing certs give errors.
    Last edited by Trapper; 30th May 2011 at 04:52 PM. Reason: Removed school name. Dang AUP.

  11. #41
    Trapper's Avatar
    Join Date
    Apr 2007
    Location
    Birmingham
    Posts
    1,209
    Thank Post
    74
    Thanked 147 Times in 119 Posts
    Rep Power
    93

  12. Thanks to Trapper from:

    SYNACK (17th June 2011)

SHARE:
+ Post New Thread
Page 3 of 3 FirstFirst 123

Similar Threads

  1. Cannot log in as root
    By Teth in forum *nix
    Replies: 3
    Last Post: 30th November 2007, 02:37 PM
  2. Forest Root concerns
    By u8dmtm in forum Wireless Networks
    Replies: 1
    Last Post: 13th December 2006, 11:43 AM
  3. Root Kits
    By tickmike in forum Windows
    Replies: 3
    Last Post: 15th November 2006, 11:00 PM
  4. Now they want my server root password.
    By tickmike in forum General Chat
    Replies: 29
    Last Post: 9th September 2006, 11:23 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •