Mike,
We will look into including the IPS CA root certs in our next
maintenance release.
-Rajesh.
-----Original Message-----
From: Perfigo SecureSmart and CleanMachines Discussion List
[mailto:[log in to unmask]] On Behalf Of King, Michael
Sent: Thursday, February 02, 2006 9:25 AM
To: [log in to unmask]
Subject: Re: SSL Shared Secret broken?
We have a few IPS CA certs. It's hard to argue with free for
College/Universities
One is on our main webmail site. (Outlook Web Access)
The only problem we've had reported is some Smartphones did not have the
trusted root certificate, and the owner did not know how to add
certificates.
We also have them on our VPN site, and have had no issues reported.
When we add the 3 new servers we're bringing online next month, they'll
be getting IPS CA certs.
> -----Original Message-----
> From: Perfigo SecureSmart and CleanMachines Discussion List
> [mailto:[log in to unmask]] On Behalf Of Cal Frye
> Sent: Thursday, February 02, 2006 10:16 AM
> To: [log in to unmask]
> Subject: Re: SSL Shared Secret broken?
>
> Too soon for me to tell -- these are the first IPS CA certs on our
> campus. My limited testing hasn't shown any troubles yet. Since we
> were using self-signed certs previously, our students were used to the
> cert warning. The problem came with moving from subnet to subnet; the
> box would change, but the cert didn't, and the error sometimes
> prevented the student from authenticating. I seem to recall IE was
> more forgiving / sloppier than Firefox.
>
> As we are implementing CCA on campus, the roaming population is about
> to explode, so I wanted to update the certs before the semester begins
> next week.
>
> More information as I get it; we'll be watching carefully.
>
> --Cal Frye, Network Administrator, Oberlin College
> www.calfrye.com, www.pitalabs.com, www.ouuf.org
>
> "If you can cause enough doubt on evolution, liberalism will die."
> -- Rev.Terry Fox, Southern Baptist.
>
>
> Ryan Dorman wrote:
> > Cal et al.
> >
> > I also have IPS CA certs on my CCA boxen. Have you found that
> > sometimes for no good reasons IE just doesn't' seem to
> trust the root
> > authority. It seems that on 90% of computers, it works just fine.
> > Then here and there it will give untrusted publisher
> warnings and the
> > like. Same up to date versions of IE. Haven't seen the
> issue with Firefox yet. Any clues?
>
|