This is new information to me, especially in regard to the SAN certificate. I am very interested in how this will affect the MS Exchange SAN certificate solution, especially because currently there isn't a clear architecture for separate client-facing servers solely for Internet-facing users and intranet-facing users.
Otherwise, yes, it is good practice to implement your own PKI and use whatever method meets your fancy to deploy and manage those certificates on the endpoints. As far as what root CA to use, you can use a Linux box, or Windows has an established CA service as well. We use it in production for 802.1x authentication of our systems on the wire and wireless. We use Apple MDM to help manage the Mac certificates and Group Policy to help with the Windows systems. We use the Windows CA. Hope that helps.

On Mon, Oct 20, 2014 at 9:40 AM, Brough Turner <[email protected]> wrote:

> It appears public SSL certificates won't be a solution by 2016:
>
> https://support.godaddy.com/help/article/6935/phasing-out-intranet-names-and-ip-addresses-in-ssls
>
> As I understand it, the "correct" solution is for an enterprise to operate
> its own public key infrastructure, issuing and managing its own
> certificates for internal use based on a private "root" certificate which
> employees import into their browsers. I don't have any experience with
> this, but if someone on list does, I'd love to know if it's worth the time
> and effort.
>
> Thanks,
> Brough
>
> Brough Turner
> netBlazr Inc. – Free your Broadband!
> Mobile: 617-285-0433 Skype: brough
> netBlazr Inc. <http://www.netblazr.com/> | Google+
> <https://plus.google.com/102447512447094746687/posts?hl=en> | Twitter
> <https://twitter.com/#%21/brough> | LinkedIn
> <http://www.linkedin.com/in/broughturner> | Facebook
> <http://www.facebook.com/brough.turner> | Blog
> <http://blogs.broughturner.com/> | Personal website
> <http://broughturner.com/>
>
> On Sun, Oct 19, 2014 at 9:49 PM, Cameron Crum <[email protected]> wrote:
>
>> SSLs.com $4.99/year
>>
>> On Sun, Oct 19, 2014 at 2:21 PM, Jon Hebb <[email protected]> wrote:
>>
>>> You can find a 1-Yr Comodo PositiveSSL Wildcard cert for less than $100
>>> online if you search around, which would be more than enough to install on
>>> your APs.
>>>
>>> On Sun, Oct 19, 2014 at 1:31 PM, Josh Luthman <[email protected]> wrote:
>>>
>>>> There ya go! Slap on DNS and that goes away.
>>>>
>>>> Josh Luthman
>>>> Office: 937-552-2340
>>>> Direct: 937-552-2343
>>>> 1100 Wayne St
>>>> Suite 1337
>>>> Troy, OH 45373
>>>> On Oct 19, 2014 1:28 PM, "John Thomas" <[email protected]> wrote:
>>>>
>>>>> http://www.netcentraldomains.com
>>>>>
>>>>> $209 per year.
>>>>>
>>>>> *Sent from my Verizon Wireless 4G LTE DROID*
>>>>>
>>>>> Josh Luthman <[email protected]> wrote:
>>>>>
>>>>> Few hundred? I remember them being crazy expensive.
>>>>>
>>>>> Josh Luthman
>>>>> Office: 937-552-2340
>>>>> Direct: 937-552-2343
>>>>> 1100 Wayne St
>>>>> Suite 1337
>>>>> Troy, OH 45373
>>>>> On Oct 19, 2014 10:08 AM, "John Thomas" <[email protected]> wrote:
>>>>>
>>>>>> Or you can buy a wildcard for a few hundred dollars and use it on all
>>>>>> your devices.
>>>>>>
>>>>>> *Sent from my Verizon Wireless 4G LTE DROID*
>>>>>>
>>>>>> Josh Luthman <[email protected]> wrote:
>>>>>>
>>>>>> Pay for a certified SSL cert for each host. That's 50/device/year.
>>>>>>
>>>>>> Josh Luthman
>>>>>> Office: 937-552-2340
>>>>>> Direct: 937-552-2343
>>>>>> 1100 Wayne St
>>>>>> Suite 1337
>>>>>> Troy, OH 45373
>>>>>> On Oct 17, 2014 5:43 PM, "Mike Hammett" <[email protected]> wrote:
>>>>>>
>>>>>>> Ignore it.
>>>>>>>
>>>>>>> -----
>>>>>>> Mike Hammett
>>>>>>> Intelligent Computing Solutions
>>>>>>> http://www.ics-il.com
>>>>>>>
>>>>>>> ------------------------------
>>>>>>> *From: *"~NGL~" <[email protected]>
>>>>>>> *To: *"WISPA General List" <[email protected]>
>>>>>>> *Sent: *Monday, October 13, 2014 7:18:08 PM
>>>>>>> *Subject: *[WISPA] security certificate
>>>>>>>
>>>>>>> There is a problem with this website's security certificate.
>>>>>>>
>>>>>>> How do I correct this problem? I get this almost every time I log in
>>>>>>> to a Ubiquiti radio.
>>>>>>> NGL
>>>>>>>
>>>>>>> If you can read this Thank A Teacher.
>>>>>>> And if it's in English Thank A Soldier!
>>>>>>> _______________________________________________
>>>>>>> Wireless mailing list
>>>>>>> [email protected]
>>>>>>> http://lists.wispa.org/mailman/listinfo/wireless
>>>
>>> --
>>> Best Regards,
>>> Jon Hebb
>>> Hebb Networks
>>>
>>> www.hebbnetworks.com
>>> Cell: 304.680.6777
>>> Office: 304.460.5533
_______________________________________________ Wireless mailing list [email protected] http://lists.wispa.org/mailman/listinfo/wireless
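
An added example, not part of the thread or written by any of its participants: the private-root approach discussed above, done with the OpenSSL command line so that one device certificate carries both an internal name and a private IP address. The organisation name, the host name radio1.wisp.internal, the address 10.20.0.15, the file names and the lifetimes are all constructed assumptions.

```shell
#!/usr/bin/env bash
# Constructed example: a private root CA issues one device certificate whose
# subjectAltName carries an internal name and a private IP address.
# Every name, address, path and lifetime here is an assumption.
set -eu

make_ca() {   # $1 = directory that will hold pki.cnf, ca.key and ca.crt
cat > "$1/pki.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
x509_extensions = v3_ca
[dn]
O = Example WISP
CN = Example Internal Root CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
  openssl req -x509 -new -newkey rsa:2048 -nodes -sha256 -days 3650 \
    -config "$1/pki.cnf" -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
  chmod 600 "$1/ca.key"   # whoever holds this key can mint trusted certs
}

issue_device_cert() {   # $1 = directory, $2 = DNS name, $3 = IP address
# Clients match on subjectAltName, so the name and the IP both go there.
cat > "$1/dev.ext" <<EOF
basicConstraints = CA:FALSE
keyUsage = critical,digitalSignature,keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = DNS:$2,IP:$3
EOF
  openssl req -new -newkey rsa:2048 -nodes -config "$1/pki.cnf" \
    -subj "/CN=$2" -keyout "$1/dev.key" -out "$1/dev.csr" 2>/dev/null
  openssl x509 -req -in "$1/dev.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
    -CAcreateserial -sha256 -days 365 -extfile "$1/dev.ext" \
    -out "$1/dev.crt" 2>/dev/null
}

check_device_cert() {   # $1 = dir, $2 = name, $3 = IP; true only if all match
  openssl verify -CAfile "$1/ca.crt" -verify_hostname "$2" "$1/dev.crt" >/dev/null 2>&1 &&
  openssl verify -CAfile "$1/ca.crt" -verify_ip "$3" "$1/dev.crt" >/dev/null 2>&1
}

d=$(mktemp -d)
make_ca "$d"
issue_device_cert "$d" radio1.wisp.internal 10.20.0.15
check_device_cert "$d" radio1.wisp.internal 10.20.0.15 && echo "chain, name and IP verify"
```

Only ca.crt is distributed to clients (for instance through the Group Policy or MDM channels mentioned in the reply above); ca.key stays off the devices and off any shared host.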
