On exchange 2003 and Forefront UAG 2010 (TMG components), the cert is working on both of those.
Have you whitelisted the CRLs listed in the cert on your proxy??
I looked at GoDaddy and RapidSSL, after IpsCA revoked their cert. I went with rapidSSL in the end. They were quick, easy to install, and cheap.
The one month freeSSL was a bit harder to set up as it involved an automated telephone authentication stage.
Mmmm... I've just looked at RapidSSL again whilst typing this, and their prices are much higher than I paid (was about £15, now £49 per year). Either they've put their prices up, or I got an education discount. :confused:
yeah you need to ask one for the webmail site or wild card the ssl request then you can do all your domains.
It looks like you have to pay for a wildcard. It didn't like webmail.warwick.surrey.sch.uk as it dodn't recognise it as our domian name, here was the response:
SSL Server Certificate Request Denied for: SERVER AND DOMAIN UNKNOWN
Dear Mr/Mrs Davis, Graham
Your SSL Certificate Request has been denied for the following reason:
Your CSR file information cannot be read.
Possible reasons are:
1.- You did not paste a correct formated Base64 CSR file.
2.- You did not paste the complete CSR Text or you did not include the full BEGIN and END lines with all dashes.
3.- You included characters not allowed in the request.
Please make sure that the COMMON NAME (CN) in your CSR is the Fully-Qualified Domain Name (example: IndexPortada ) of your OWN Server, or if it is an intranet server, use the network name of your server.
:confused: What now?
Right the wildcard works on the server, lets hope we don't get a sneaky bill through the post !!
Which certs do I need to roll out via gpo and how as I now have :
trustico. They're much cheaper that way at £14.70 per year, with discounts for longer term. Fast efficient service too.
Are these guys still a valid SSL Cert company? Does any info get sent to them data-wise? I'm not entirely sure how SSL works. I would like to secure the connection between my VLE and the clients accessing it. i would also like to secure the connection on my website and webmail system.
Another +1 for IPSCA here. Installed the cert for Sharepoint 2010 on IIS and ISA 2006 and all works fine in IE.
They still haven't installed their root CA into Firefox's repository yet, well over a year since it was last discussed.
Frankly I think the other cert vendors ought to follow this lead and allow free certs for educational establishments. We are not using the cert to facilitate eCommerce to make money. We use it to secure student data for teaching. A non commerical, not for profit free educational cert should be mandatory.
I used to use StartCOM at home when using Exchange. However they need to send the validation email to your TLD. Which in my cast is either email@example.com. I did ask back at my old school whether they'd pass the emails on so I could a free one for portal.school.bham.sch.uk but they refused. I assume they believed I could then issue certs for all schools under the TLD.
I didn't realise you could get a wildcard cert from IPSCA. I just choose portal.schoolname.bham.sch.uk. Frankly with ISA you can push everything through on one address anyway.
Anyway no more cert errors!
I do miss the old days of self signing. It was frankly funny to hear a friend tell me about when she was scammed. She said that the website had the "Padlock" icon to say it was secure, so how did she get scammed? I told her that her credit card details were sent securely, just direct to the scammers! I assume thats why in IE7+ self signing certs give errors.
Another free cert vendor:
GeoTrust founders offer free SSL ? The Register