I'm done with the worry part at this point.
We are going to purchase a certificate elseware, because we can't wait
for ipsCA root Cert to get into popular browsers. It creates a really
bad user experience if our users are getting what seem to them to be
"WARNING--YOUR ARE ABOUT TO DIE" messages from their browser when coming
through or to our site. If we train them that it is OK to make an
exception for our cert, we are doing them a disservice and training them
to take risks.
I know other server admins on campus are purchasing certs also. I wish
I was in the certificate business today--not really.
Tim McGeary wrote:
> I'm a little dismayed at the eleventh hour posting of the email. It
> makes it feel illegitimate, but I have had other confirmation that it is
> legit, too.
>
> Another thing to worry about before Christmas...
>
> Tim McGeary
> Team Leader, Library Technology
> Lehigh University
> 610-758-4998
> [log in to unmask]
>
> [log in to unmask]
> GTalk/Yahoo/Skype: timmcgeary
>
>
> Walker, David wrote:
>> I see now that I'm looking at the intermediate certificate. The root
>> does expire in 2009.
>>
>> Nevermind. :-)
>>
>> --Dave
>>
>> ==================
>> David Walker
>> Library Web Services Manager
>> California State University
>> http://xerxes.calstate.edu
>> ________________________________________
>> From: Walker, David
>> Sent: Thursday, December 17, 2009 1:40 PM
>> To: Code for Libraries
>> Subject: RE: [CODE4LIB] ipsCA Certs
>>
>> Hi John,
>>
>> I also got this email. We also recently installed an ipsCA wildcard
>> cert for a test EZProxy install.
>>
>> Looking at the details of our ipsCA wildcard certificate in Firefox,
>> though, I can see the chain of certificates going up to the root ipsCA
>> cert.
>>
>> Firefox says that that root certificate -- ipsCA CLASEA1 Certificate
>> Authority -- is good until 2025. I see the same thing in IE, Safari,
>> and I assume every other browser I might check.
>>
>> Do you see that too?
>>
>> --Dave
>>
>> ==================
>> David Walker
>> Library Web Services Manager
>> California State University
>> http://xerxes.calstate.edu
>> ________________________________________
>> From: Code for Libraries [[log in to unmask]] On Behalf Of John
>> Wynstra [[log in to unmask]]
>> Sent: Thursday, December 17, 2009 1:02 PM
>> To: [log in to unmask]
>> Subject: [CODE4LIB] ipsCA Certs
>>
>> Out of curiosity, did anyone else using ipsCA certs receive notification
>> that due to the coming expiration of their root CA (December 29,2009),
>> they would need a reissued cert under a new root CA?
>>
>> I am uncertain as to how this new Root CA will become a part of the
>> browsers trusted roots without some type of user action including a
>> software upgrade, but the following library website instructions lead me
>> to believe that this is not going to be smooth. http://bit.ly/53Npel
>>
>> We are just about to go live with EZProxy in January with an ipsCA cert
>> issued a few months ago, and I am not about to do that if I have serious
>> browser support issue.
>>
>>
>> --
>> <><><><><><><><><><><><><><><><><><><>
>> John Wynstra
>> Library Information Systems Specialist
>> Rod Library
>> University of Northern Iowa
>> Cedar Falls, IA 50613
>> [log in to unmask]
>> (319)273-6399
>> <><><><><><><><><><><><><><><><><><><>
>>
>
>
--
<><><><><><><><><><><><><><><><><><><>
John Wynstra
Library Information Systems Specialist
Rod Library
University of Northern Iowa
Cedar Falls, IA 50613
[log in to unmask]
(319)273-6399
<><><><><><><><><><><><><><><><><><><>
|