Too soon for me to tell -- these are the first IPS CA certs on our campus. My
limited testing hasn't shown any troubles yet. Since we were using self-signed
certs previously, our students were used to the cert warning. The problem came
with moving from subnet to subnet; the box would change, but the cert didn't,
and the error sometimes prevented the student from authenticating. I seem to
recall IE was more forgiving / sloppier than Firefox.

As we are implementing CCA on campus, the roaming population is about to
explode, so I wanted to update the certs before the semester begins next week.

More information as I get it; we'll be watching carefully.

--Cal Frye, Network Administrator, Oberlin College
   www.calfrye.com, www.pitalabs.com, www.ouuf.org

  "If you can cause enough doubt on evolution, liberalism will die." --
Rev.Terry Fox, Southern Baptist.


Ryan Dorman wrote:
> Cal et al.
> 
>     I also have IPS CA certs on my CCA boxen.  Have you found that sometimes
> for no good reasons IE just doesn't' seem to trust the root authority.  It
> seems that on 90% of computers, it works just fine.  Then here and there it
> will give untrusted publisher warnings and the like.  Same up to date
> versions of IE.  Haven't seen the issue with Firefox yet. Any clues?