Windows Thread, ipsCA Global CA Root in Technical; Originally Posted by ful56_uk
I installed the new root ca on our tmg box but till get the problem the ...
1st March 2010, 04:30 PM #31
IPCSA cert working here too.
Originally Posted by ful56_uk
On exchange 2003 and Forefront UAG 2010 (TMG components), the cert is working on both of those.
Have you whitelisted the CRLs listed in the cert on your proxy??
4th March 2010, 03:25 PM #32
I looked at GoDaddy and RapidSSL, after IpsCA revoked their cert. I went with rapidSSL in the end. They were quick, easy to install, and cheap.
The one month freeSSL was a bit harder to set up as it involved an automated telephone authentication stage.
Mmmm... I've just looked at RapidSSL again whilst typing this, and their prices are much higher than I paid (was about £15, now £49 per year). Either they've put their prices up, or I got an education discount.
10th March 2010, 03:25 PM #33
- Rep Power
I've got our certificate from ipsca but I asked for one for The Warwick School, should I have asked for one for https://webmail.warwick.surrey.sch.uk as its saying the cert is not valid?
10th March 2010, 03:27 PM #34
yeah you need to ask one for the webmail site or wild card the ssl request then you can do all your domains.
10th March 2010, 03:47 PM #35
You should get *.warwick.surrey.sch.uk
Originally Posted by grahamd22
Exchange 2003 will accept this cert.
Exchange 2007/2010 will require a UC cert (cost about 150 a year), unless you protect it with something like UAG where you can ignore internal certs.
10th March 2010, 04:29 PM #36
- Rep Power
It looks like you have to pay for a wildcard. It didn't like webmail.warwick.surrey.sch.uk as it dodn't recognise it as our domian name, here was the response:
SSL Server Certificate Request Denied for: SERVER AND DOMAIN UNKNOWN
Dear Mr/Mrs Davis, Graham
Your SSL Certificate Request has been denied for the following reason:
Your CSR file information cannot be read.
Possible reasons are:
1.- You did not paste a correct formated Base64 CSR file.
2.- You did not paste the complete CSR Text or you did not include the full BEGIN and END lines with all dashes.
3.- You included characters not allowed in the request.
Please make sure that the COMMON NAME (CN) in your CSR is the Fully-Qualified Domain Name (example: IndexPortada ) of your OWN Server, or if it is an intranet server, use the network name of your server.
10th March 2010, 06:16 PM #37
- Rep Power
Right the wildcard works on the server, lets hope we don't get a sneaky bill through the post !!
Which certs do I need to roll out via gpo and how as I now have :
9th June 2010, 12:55 PM #38
Update: I've just remembered I bought the RapidSSL certs through trustico. They're much cheaper that way at £14.70 per year, with discounts for longer term. Fast efficient service too.
Originally Posted by OverWorked
13th May 2011, 06:34 PM #39
Are these guys still a valid SSL Cert company? Does any info get sent to them data-wise? I'm not entirely sure how SSL works. I would like to secure the connection between my VLE and the clients accessing it. i would also like to secure the connection on my website and webmail system.
30th May 2011, 05:50 PM #40
Another +1 for IPSCA here. Installed the cert for Sharepoint 2010 on IIS and ISA 2006 and all works fine in IE.
They still haven't installed their root CA into Firefox's repository yet, well over a year since it was last discussed.
Frankly I think the other cert vendors ought to follow this lead and allow free certs for educational establishments. We are not using the cert to facilitate eCommerce to make money. We use it to secure student data for teaching. A non commerical, not for profit free educational cert should be mandatory.
I used to use StartCOM at home when using Exchange. However they need to send the validation email to your TLD. Which in my cast is either email@example.com. I did ask back at my old school whether they'd pass the emails on so I could a free one for portal.school.bham.sch.uk but they refused. I assume they believed I could then issue certs for all schools under the TLD.
I didn't realise you could get a wildcard cert from IPSCA. I just choose portal.schoolname.bham.sch.uk. Frankly with ISA you can push everything through on one address anyway.
Anyway no more cert errors!
I do miss the old days of self signing. It was frankly funny to hear a friend tell me about when she was scammed. She said that the website had the "Padlock" icon to say it was secure, so how did she get scammed? I told her that her credit card details were sent securely, just direct to the scammers! I assume thats why in IE7+ self signing certs give errors.
Last edited by Trapper; 30th May 2011 at 05:52 PM.
Reason: Removed school name. Dang AUP.
17th June 2011, 12:18 AM #41
Last Post: 30th November 2007, 03:37 PM
By u8dmtm in forum Wireless Networks
Last Post: 13th December 2006, 12:43 PM
By tickmike in forum Windows
Last Post: 16th November 2006, 12:00 AM
By tickmike in forum General Chat
Last Post: 10th September 2006, 12:23 AM
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)