[Operators] wildcard cert
jesse.thompson at doit.wisc.edu
Mon Feb 22 12:27:31 CST 2010
On 2/22/2010 9:41 AM, Peter Saint-Andre wrote:
> On 2/22/10 8:35 AM, Jesse Thompson wrote:
>> It looks like StartSSL doesn't offer free wildcard certificates (like
>> crack, the first hit is free)
> It did in the old days when we had the XMPP ICA. In fact we were in the
> process of removing that option for Class 1 certs even for the XMPP ICA
> because of security problems with wildcard certs. Part of the reasoning
> behind pulling the plug on the XMPP ICA and redirecting admins to
> startssl.com was that we'd need to perform stronger verification and
> that infrastructure was already in place at startssl.com but not at
This feels like a bait and switch. The only reason we bothered with the
wildcard certificate was because the XMPP ICA made it easy.
Now, we're tempted to just install our certificate which matches the
server name, and create documentation telling users how to bypass the
certificate mismatch warnings. Since Google Apps suffers from the same
certificate mismatch problem, the reality is that XMPP clients are
having to create workflows to make it easy for users to bypass the
errors. We might as well stick with this clusterf*ck until xmpp-dna or
xmpp-delegate is implemented.
>> Is there a free option for XMPP certificates?
> There is: startssl.com (Class 1).
The wildcard certificates are not free, and the verification
requirements are going to painful for an organization our size.
>> If we have to pay, is GoDaddy an option? (they appear to be cheap and
>> less crappy than StartSSL)
> Feel free to try out GoDaddy and report back. They are not free as far
> as I know. I do not have experience with their certs, only their domain
> registration services.
hmm... a $200 experiment
Division of Information Technology, University of Wisconsin-Madison
Email/IM: jesse.thompson at doit.wisc.edu
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 3317 bytes
Desc: S/MIME Cryptographic Signature
More information about the Operators