Self signed SSL certificate vs verified

Greetings Fellow 'Noids.

I'm curious how many website administrators are using self-signed SSL
certificates for their public websites. Currently I have a free but
verified SSL certificate (from ipsCA) on our public website, but a
self-signed certificate for our proxy server (EZproxy). If you are
using a self-signed certificate have your users had any problems
accessing the site? Both Firefox and IE display an intimidating
message for users when they access a self-signed site.

Please respond to me directly, and I can post a summery to the list if
there is anyone else interested.

Thanks!
-Stacey Rowland
University of Mississippi Law Library
Public Services Law Librarian

‹ Request for Assistance AND Community Contribution Opportunity SCT Banner Reporting Interface ›

Comments

mjewell2 years ago

RE: Self signed SSL certificate vs verified

Unsigned certs (non verifiable) will cause a problem in almost every browser
on the market now.

Get a cert from ipsCA for ezproxy, the wildcard certs are also free for
.EDU's, just select the free .EDU option and past in a cert request for
*.ezproxy.whatever.edu and it will approve it.

-Mike

> -----Original Message-----
> From: teknoids-bounces@ruckus.law.cornell.edu [mailto:teknoids-
> bounces@ruckus.law.cornell.edu] On Behalf Of Stacey Rowland
> Sent: Monday, September 14, 2009 3:15 PM
> To: Teknoids
> Subject: [teknoids] Self signed SSL certificate vs verified
>
> Greetings Fellow 'Noids.
>
> I'm curious how many website administrators are using self-signed SSL
> certificates for their public websites. Currently I have a free but
> verified SSL certificate (from ipsCA) on our public website, but a
> self-signed certificate for our proxy server (EZproxy). If you are
> using a self-signed certificate have your users had any problems
> accessing the site? Both Firefox and IE display an intimidating
> message for users when they access a self-signed site.
>
> Please respond to me directly, and I can post a summery to the list if
> there is anyone else interested.
>
> Thanks!
> -Stacey Rowland
> University of Mississippi Law Library
> Public Services Law Librarian
>
> --
> >^..^<~~
> ICQ# 7224997
> Yahoo IM: nonsense28
> MSN Messenger: nonsense28sal
> Homepage: http://www.nonsense28.com
> Public Key for GPG: D6C43AFD
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> I have a spelling checker,
> It came with my pea see;
> It plainly marks four my revue
> Mistakes I cannot sea.
> I've run this poem threw it,
> I'm sure your please too no,
> It's letter perfect in its weight,
> My checker tolled me sew.
> -Author Unknown-
> _______________________________________________
> You are currently subscribed to teknoids as: mjewell@law.umaryland.edu.
> To unsubscribe send a blank email to teknoids-leave@ruckus.law.cornell.edu
> --
> See the web interface at
> http://ruckus.law.cornell.edu/mailman/listinfo/teknoids to get your list
> password, unsubscribe, and view your list settings.

mike.hurley2 years ago

Self signed SSL certificate vs verified

I don't understand why anyone would use a self-signed cert in production,
especially when they can get a free, major-browser-recognized cert from
ipsCA. Using a self-signed cert is essentially the same as not using a
cert at all, since a self-signed cert offers no protection from a "man in
the middle." So if you are not passing any sensitive information over the
connection, then self-signed is ok; but if you don't need to protect the
information, why use SSL at all?

+------------------------------------------+
Michael Hurley
Webmaster/System Administrator
University of Connecticut School of Law
mike.hurley@law.uconn.edu
860.570.5233
+------------------------------------------+

teknoids-bounces@ruckus.law.cornell.edu wrote on 09/14/2009 03:15:17 PM:

> This mail template is enhanced with PGPNotes.
>
> Greetings Fellow 'Noids.
>
> I'm curious how many website administrators are using self-signed SSL
> certificates for their public websites. Currently I have a free but
> verified SSL certificate (from ipsCA) on our public website, but a
> self-signed certificate for our proxy server (EZproxy). If you are
> using a self-signed certificate have your users had any problems
> accessing the site? Both Firefox and IE display an intimidating
> message for users when they access a self-signed site.
>
> Please respond to me directly, and I can post a summery to the list if
> there is anyone else interested.
>
> Thanks!
> -Stacey Rowland
> University of Mississippi Law Library
> Public Services Law Librarian
>

chad.covey2 years ago

RE: Self signed SSL certificate vs verified

We are using a self-signed SSL on our EZProxy, no problems at all.

Regards,

Chad Covey

Texas Tech School of Law Library
E-mail: chad.covey@ttu.edu
Office: 806-742-3990 x300
For all computer support assistance contact computersupport.law@ttu.edu or 806-742-3990 x318
For Website/MyTechLaw/programming requests use this Link
For Law School IT FAQs use this LINK For Main Campus IT FAQs use this Link

-----Original Message-----
From: teknoids-bounces@ruckus.law.cornell.edu [mailto:teknoids-bounces@ruckus.law.cornell.edu] On Behalf Of Stacey Rowland
Sent: Monday, September 14, 2009 2:15 PM
To: Teknoids
Subject: [teknoids] Self signed SSL certificate vs verified

WARNING: The following message makes use of the word "PASSWORD" and may be an attempt to obtain your password. Texas Tech University employees or students should never request password information from you for any reason. In accordance with TTU IT Security Policies (http://www.depts.ttu.edu/infotech/security), you must not reveal your password information to anyone. If you believe that the message below is an attempt to steal your password, forward this message to security@ttu.edu and do not respond to this message.

Greetings Fellow 'Noids.

I'm curious how many website administrators are using self-signed SSL
certificates for their public websites. Currently I have a free but
verified SSL certificate (from ipsCA) on our public website, but a
self-signed certificate for our proxy server (EZproxy). If you are
using a self-signed certificate have your users had any problems
accessing the site? Both Firefox and IE display an intimidating
message for users when they access a self-signed site.

Please respond to me directly, and I can post a summery to the list if
there is anyone else interested.

Thanks!
-Stacey Rowland
University of Mississippi Law Library
Public Services Law Librarian

--
>^..^<~~
ICQ# 7224997
Yahoo IM: nonsense28
MSN Messenger: nonsense28sal
Homepage: http://www.nonsense28.com
Public Key for GPG: D6C43AFD
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
I have a spelling checker,
It came with my pea see;
It plainly marks four my revue
Mistakes I cannot sea.
I've run this poem threw it,
I'm sure your please too no,
It's letter perfect in its weight,
My checker tolled me sew.
-Author Unknown-
_______________________________________________
You are currently subscribed to teknoids as: chad.covey@ttu.edu.
To unsubscribe send a blank email to teknoids-leave@ruckus.law.cornell.edu
--
See the web interface at http://ruckus.law.cornell.edu/mailman/listinfo/teknoids to get your list password, unsubscribe, and view your list settings.
_______________________________________________
You are currently subscribed to teknoids as: tekarchive@host2.teknoids.net.
To unsubscribe send a blank email to teknoids-leave@ruckus.law.cornell.edu
--
See the web interface at http://ruckus.law.cornell.edu/mailman/listinfo/teknoids to get your list password, unsubscribe, and view your list settings.