I'm done with the worry part at this point.
We are going to purchase a certificate elseware, because we can't wait
for ipsCA root Cert to get into popular browsers. It creates a really
bad user experience if our users are getting what seem to them to be
"WARNING--YOUR ARE ABOUT TO DIE" messages from their browser when coming
through or to our site. If we train them that it is OK to make an
exception for our cert, we are doing them a disservice and training them
to take risks.
I know other server admins on campus are purchasing certs also. I wish
I was in the certificate business today--not really.
Tim McGeary wrote:
I'm a little dismayed at the eleventh hour posting of the email. It
makes it feel illegitimate, but I have had other confirmation that it is
legit, too.
Another thing to worry about before Christmas...
Tim McGeary
Team Leader, Library Technology
Lehigh University
610-758-4998
[email protected]
[email protected]
GTalk/Yahoo/Skype: timmcgeary
Walker, David wrote:
I see now that I'm looking at the intermediate certificate. The root
does expire in 2009.
Nevermind. :-)
--Dave
==================
David Walker
Library Web Services Manager
California State University
http://xerxes.calstate.edu
________________________________________
From: Walker, David
Sent: Thursday, December 17, 2009 1:40 PM
To: Code for Libraries
Subject: RE: [CODE4LIB] ipsCA Certs
Hi John,
I also got this email. We also recently installed an ipsCA wildcard
cert for a test EZProxy install.
Looking at the details of our ipsCA wildcard certificate in Firefox,
though, I can see the chain of certificates going up to the root ipsCA
cert.
Firefox says that that root certificate -- ipsCA CLASEA1 Certificate
Authority -- is good until 2025. I see the same thing in IE, Safari,
and I assume every other browser I might check.
Do you see that too?
--Dave
==================
David Walker
Library Web Services Manager
California State University
http://xerxes.calstate.edu
________________________________________
From: Code for Libraries [[email protected]] On Behalf Of John
Wynstra [[email protected]]
Sent: Thursday, December 17, 2009 1:02 PM
To: [email protected]
Subject: [CODE4LIB] ipsCA Certs
Out of curiosity, did anyone else using ipsCA certs receive notification
that due to the coming expiration of their root CA (December 29,2009),
they would need a reissued cert under a new root CA?
I am uncertain as to how this new Root CA will become a part of the
browsers trusted roots without some type of user action including a
software upgrade, but the following library website instructions lead me
to believe that this is not going to be smooth. http://bit.ly/53Npel
We are just about to go live with EZProxy in January with an ipsCA cert
issued a few months ago, and I am not about to do that if I have serious
browser support issue.
--
<><><><><><><><><><><><><><><><><><><>
John Wynstra
Library Information Systems Specialist
Rod Library
University of Northern Iowa
Cedar Falls, IA 50613
[email protected]
(319)273-6399
<><><><><><><><><><><><><><><><><><><>
--
<><><><><><><><><><><><><><><><><><><>
John Wynstra
Library Information Systems Specialist
Rod Library
University of Northern Iowa
Cedar Falls, IA 50613
[email protected]
(319)273-6399
<><><><><><><><><><><><><><><><><><><>
