Re: [IUG] purchasing ssl certificates help please

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Date: Wed, 17 Oct 2007 17:18:51 +0100
From: "Jones,Christine Mary" <iss010 at bangor dot ac dot uk>
Subject: Re: [IUG] purchasing ssl certificates help please

Thanks to Caroline and Bob for their replies.

We are going to try the free certificate supplied to us by JANET (Joint Academic Network) for now. This does not allow secure financial transactions so we will upgrade if and when Ecommerce becomes available over here.

Chris.

Bob Duncan wrote:

At 01:09 PM 10/11/2007, Christine wrote:
Can anyone tell me please whether we need to buy the more expensive
wildcard ssl certificate (*.unicat.bangor.ac.uk)?

We are about to purchase a certificate for the secure browsing in 'The
New ISI Web of Knowledge, v.4' which is accessed via WAM.

We are also probably be needing a certificate for Ecommerce.

Will one ordinary certificate do for both?

Certificates are issued for a host; if you try to establish a secure connection to a host and the cert doesn't match the host, you get an error/warning dialog. So assuming Ecommerce and WAM both look to unicat.bangor.ac.uk, a single cert issued for unicat.bangor.ac.uk would suffice for secure access to Ecommerce and WAM functionality.

The problem with WAM and certs comes when the site being proxied uses https, in which case you get a rewritten URL that uses https instead of http, and there's no cert for the rewritten hostname.

Example. You have a proxied link to WoK that looks like this:
http://0-isiknowledge.com.unicat.bangor.ac.uk/

When a cert is installed, this will redirect to:
https://unicat.bangor.ac.uk/validate/http%3A%2F%2F0-isiknowledge.com.unicat.bangor.ac.uk%3A80%2F

...which works. But once you're in WoK, if WoK throws a secure page at you, you'll get something along the lines of:

https://0-isiknowledge.com.unicat.bangor.ac.uk/

...which will cough up an error/warning, because no cert has been issued to 0-isiknowledge.com.unicat.bangor.ac.uk/. You can usually just dismiss the warning, but it can throw users off a bit.

A wildcard certificate issued to *.unicat.bangor.ac.uk should take care of that because the 0-isiknowledge.com. part of the "host" will be covered.

Note that I have no direct experience with wildcard certificates; we just installed a regular cert and the above is based on my experience and understanding of what's afoot. Corrections of misunderstandings welcome.

Also---the "secure browsing" in Web of Knowledge will only apply to personalization features within the platform; normal use of the database will not be affected.

Bob Duncan

~!~!~!~!~!~!~!~!~!~!~!~!~
Robert E. Duncan
Systems Librarian
Editor of IT Communications
Lafayette College
Easton, PA 18042
duncanr at lafayette dot edu
http://www.library.lafayette.edu/

--
This message was distributed through the Innovative Users Group INNOPAC list
Public replies: INNOPAC at innopacusers dot org
Update your subscription options: http://innopacusers.org/mailman/listinfo/innopac

--
Chris.M.Jones iss010 at bangor dot ac dot uk

--
Gall y neges e-bost hon, ac unrhyw atodiadau a anfonwyd gyda hi,
gynnwys deunydd cyfrinachol ac wedi eu bwriadu i'w defnyddio'n unig
gan y sawl y cawsant eu cyfeirio ato (atynt). Os ydych wedi derbyn y
neges e-bost hon trwy gamgymeriad, rhowch wybod i'r anfonwr ar
unwaith a dilëwch y neges. Os na fwriadwyd anfon y neges atoch chi,
rhaid i chi beidio â defnyddio, cadw neu ddatgelu unrhyw wybodaeth a
gynhwysir ynddi. Mae unrhyw farn neu safbwynt yn eiddo i'r sawl a'i
hanfonodd yn unig ac nid yw o anghenraid yn cynrychioli barn
Prifysgol Bangor. Nid yw Prifysgol Bangor yn gwarantu
bod y neges e-bost hon neu unrhyw atodiadau yn rhydd rhag firysau neu
100% yn ddiogel. Oni bai fod hyn wedi ei ddatgan yn uniongyrchol yn
nhestun yr e-bost, nid bwriad y neges e-bost hon yw ffurfio contract
rhwymol - mae rhestr o lofnodwyr awdurdodedig ar gael o Swyddfa
Cyllid Prifysgol Bangor. www.bangor.ac.uk

This email and any attachments may contain confidential material and
is solely for the use of the intended recipient(s). If you have
received this email in error, please notify the sender immediately
and delete this email. If you are not the intended recipient(s), you
must not use, retain or disclose any information contained in this
email. Any views or opinions are solely those of the sender and do
not necessarily represent those of the Bangor University.
Bangor University does not guarantee that this email or
any attachments are free from viruses or 100% secure. Unless
expressly stated in the body of the text of the email, this email is
not intended to form a binding contract - a list of authorised
signatories is available from the Bangor University Finance
Office. www.bangor.ac.uk

References:
- [IUG] purchasing ssl certificates help please
  - From: Jones,Christine Mary
- Re: [IUG] purchasing ssl certificates help please
  - From: Bob Duncan

Prev by Date: Re: [IUG] Strange OPAC behavior
Next by Date: Re: [IUG] LDAP: unanticipated consequences
Previous by thread: Re: [IUG] purchasing ssl certificates help please
Next by thread: Re: [IUG] Search criteria for 260|c
Index(es):
- Date
- Thread