Computers, Linux, Software, Web, Windows

The Wildchild of SSL

Well, I suppose that an update on my life is in order. It really seems to be crunch time around the office. The elephant in the room is our implementation of L****** in the next few months. Because of the scale of the p*****, we are recalculating the way we do a lot of other business decisions. To quote my boss: “Since change is coming, if there is a better way to do something, our window is now.”

So what does this mean? Well, all of these idiosyncrasies we have as a university have a chance to change. One Active Directory to look up ANYONE who is involved with Clayton State. One username and password for ALL systems.

Probably the best piece of gold that we found is when discussing SSL certificates for our test machines. We have play and production instances of most of our major systems, so when it comes to SSL things get a little ugly. Please turn a blind eye I believe was the old mantra.

While looking for information about how to get / install an SSL key in Apache Tomcat, I landed on Digicert’s page. The instructions were wonderful, but the best piece of information was something called a “wildcard SSL certificate”. This secures an entire domain instead of just a subdomain. For example, previously “mail.clayton.edu”, and “io.clayton.edu” were two different SSL certificates. That means double the money (about $900 from Verisign). A wildcard SSL certificate takes the subdomain portion, and makes it a wildcard, so the entire domain is secured. For example “*.clayton.edu”, or in other words, our entire campus.

The purchase was made, and I have installed this certificate on one machine already. By my calculations, I think I just saved Clayton State about $8,500.

Advertisements

One thought on “The Wildchild of SSL

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s