[ietf79-tech] cert requests

Joel Jaeggli joelja at bogus.com
Wed Oct 6 06:48:53 PDT 2010 

On 10/4/10 9:02 PM, Chris Elliott wrote:
> Russ,
> 
> Is a wildcard cert a possibility? We need two additonal certs--we have
> one for the portal box, we need one for the Radius server and one more
> for the Wiki/Trac web server. Other needs are likely to come up as new
> services are enabled. So, a wildcard cert would be easier in the long term.
> 
> If not, I'll put in a request for two additional certs.

I'm really tired of the jailhouse lawyering over cert requests.

perhaps it's because they're "free" that we do this each time now.

we should request for each host that we need, being mindful of the
minimum number we can get away-with.

if we can't bound by that stricture we should just generate our own ca
and live with the acomanying mess that entails.

> Thanks!
> Chris.
> 
> On Tue, Sep 14, 2010 at 5:38 PM, Russ Housley <housley at vigilsec.com
> <mailto:housley at vigilsec.com>> wrote:
> 
>     Verisign will not give us a CA cert for free.  We need to request each
>     of the SSL certs we need.
> 
>     Russ
> 
>     On 9/14/2010 1:21 PM, Chris Elliott wrote:
>     > Randy and folks,
>     >
>     > Do we want to get individual certs for the portals and the radius
>     servers and maybe other uses or do we want to request a CA cert? We
>     have time this time around.
>     >
>     > Randy, you have the resources and tools to administer a CA for the
>     IETF, right?
>     >
>     > Chris.
>     >
>     > P.S. chelliot has one "t", while my last name has two. I like
>     hanging on to the last vestiges of the 8-character username
>     requirements...
>     >
>     >
>     > --
>     > Chris Elliott
>     > CCIE # 2013
>     >
>     >
>     > On Sep 14, 2010, at 12:55 PM, Randy Bush <randy at psg.com
>     <mailto:randy at psg.com>> wrote:
>     >
>     >> russ suggests that we have verisign certs this year.  chelliott,
>     could
>     >> you please give him the cert requests?
>     >>
>     >> randy
>     >> _______________________________________________
>     >> ietf79-tech mailing list
>     >> ietf79-tech at daedelus.com <mailto:ietf79-tech at daedelus.com>
>     >> http://www.daedelus.com/mailman/listinfo/ietf79-tech
>     >
> 
> 
> 
> 
> -- 
> Chris Elliott
> chelliot at pobox.com <mailto:chelliot at pobox.com>
> 
> 
> 
> _______________________________________________
> ietf79-tech mailing list
> ietf79-tech at daedelus.com
> http://www.daedelus.com/mailman/listinfo/ietf79-tech

More information about the ietf79-tech mailing list