On Fri, 2 Mar 2001, Rohr, Rob wrote:
> Does the University have a Server Authentication Certificate from a
> trusted Certificate Authority (CA) for the purposes of web communication
> using SSL?
Yes, we have several.
> Does the University have the capability to generate new trusted
> Certificates for departmental use to allow for SSL communication on
> departmental servers?
We aren't a CA, so no, we can't generate new trusted certificates for
We in CIT use Equifax as our CA. We get certificates for $68 each.
> Is there a policy on the generation and use of Certificates used in
> Public Key encryption schemes?
No policy as of yet.
> We would like to enable SSL on our web servers but require a trusted CA
> to issue our Server Authentication Certificate and would prefer not to
> have to spend money annually to Verisign, for instance, if UVM already
> has a trusted certificate and the ability to generate subordinate
> certificates from theirs. Our alumni deserve as much privacy as our
> current students, faculty and staff. We can generate keys and
> certificates willy nilly, but until our site has a trust link back to a
> CA, our certificates are worthless.
We already have several server certificates, but we aren't a CA, so we
can't sign your certificates.
How many certificates would you want to buy? If purchased in bulk, we can
get a better deal than $68 each.
Let me know if you have any questions.