[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: UCC or Wildcard question

To: Patrick Landry <pml@louisiana.edu>
Subject: Re: UCC or Wildcard question
From: "David N. Blank-Edelman" <dnb@ccs.neu.edu>
Date: Tue, 11 Aug 2009 08:01:23 -0400
Cc: Helpful Zimbra Admins <zimbra-hied-admins@sfu.ca>
In-reply-to: <14519264.361249926650346.JavaMail.pml4791@pml4791-laptop>
References: <14519264.361249926650346.JavaMail.pml4791@pml4791-laptop>


On Aug 10, 2009, at 1:50 PM, Patrick Landry wrote:

We use a wildcard cert from ipsCA (http://certs.ipsca.com/). Theiroffer
for 2 year .edu certs for free is good even for wildcard certs.

We do too (though not on the zimbra box at the moment). One caveatabout this registrar that was recently brought to my attention. As itsays on https://spaces.umbc.edu/display/CIG/IPSCA+Certificates, "Thereason we don't use IPSCA for everything is because their OCSPprovider is not compliant with every OCSP client. This causes problemswith certain broken OCSP implementations, such as whatever Firefox isusing. The real fix is to turn off OCSP in firefox, but getting all ofour users to do that would be onerous."

The way this manifests for most people is a short delay before FirefoxSSL connects on machines that don't use a separate OCSP daemon.


      -- dNb

Prev by Date: Re: UCC or Wildcard question
Next by Date: Re: UCC or Wildcard question
Previous by thread: Re: UCC or Wildcard question
Next by thread: Re: UCC or Wildcard question
Index(es):
- Date
- Thread