This is new information to me, especially with regard to the SAN certificate. I am very interested in how this will affect the MS Exchange SAN certificate solution, especially because currently there isn't a clear architecture for separate client-facing servers solely for Internet-facing users and intranet-facing users.
Otherwise yes, it is good practice to implement your own PKI and use whatever method meets your fancy to deploy and manage those certificates on the endpoints. As far as what root CA to use, you can use a Linux box, or Windows has an established CA service as well. We use it in production for 802.1x authentication of our systems on the wire and wireless. We use Apple MDM to help manage the Mac certificates and Group Policy to help with the Windows systems. We use the Windows CA. Hope that helps.

On Mon, Oct 20, 2014 at 9:40 AM, Brough Turner <bro...@netblazr.com> wrote:

> It appears public SSL certificates won't be a solution by 2016:
>
> https://support.godaddy.com/help/article/6935/phasing-out-intranet-names-and-ip-addresses-in-ssls
>
> As I understand it, the "correct" solution is for an enterprise to operate
> its own public key infrastructure, issuing and managing its own
> certificates for internal use based on a private "root" certificate which
> employees import into their browsers. I don't have any experience with
> this, but if someone on list does, I'd love to know if it's worth the time
> and effort.
>
> Thanks,
> Brough
>
> Brough Turner
> netBlazr Inc. – Free your Broadband!
> Mobile: 617-285-0433 Skype: brough
> netBlazr Inc. <http://www.netblazr.com/> | Google+
> <https://plus.google.com/102447512447094746687/posts?hl=en> | Twitter
> <https://twitter.com/#%21/brough> | LinkedIn
> <http://www.linkedin.com/in/broughturner> | Facebook
> <http://www.facebook.com/brough.turner> | Blog
> <http://blogs.broughturner.com/> | Personal website
> <http://broughturner.com/>
>
> On Sun, Oct 19, 2014 at 9:49 PM, Cameron Crum <cc...@wispmon.com> wrote:
>
>> SSLs.com $4.99/year
>>
>> On Sun, Oct 19, 2014 at 2:21 PM, Jon Hebb <j...@hebbnetworks.com> wrote:
>>
>>> You can find a 1-Yr Comodo PositiveSSL Wildcard cert for less than $100
>>> online if you search around, which would be more than enough to install on
>>> your APs.
>>>
>>> On Sun, Oct 19, 2014 at 1:31 PM, Josh Luthman <j...@imaginenetworksllc.com> wrote:
>>>
>>>> There ya go! Slap on DNS and that goes away.
>>>>
>>>> Josh Luthman
>>>> Office: 937-552-2340
>>>> Direct: 937-552-2343
>>>> 1100 Wayne St
>>>> Suite 1337
>>>> Troy, OH 45373
>>>>
>>>> On Oct 19, 2014 1:28 PM, "John Thomas" <jtho...@quarnet.com> wrote:
>>>>
>>>>> http://www.netcentraldomains.com
>>>>>
>>>>> $209 per year.
>>>>>
>>>>> *Sent from my Verizon Wireless 4G LTE DROID*
>>>>>
>>>>> Josh Luthman <j...@imaginenetworksllc.com> wrote:
>>>>>
>>>>> Few hundred? I remember them being crazy expensive.
>>>>>
>>>>> Josh Luthman
>>>>> Office: 937-552-2340
>>>>> Direct: 937-552-2343
>>>>> 1100 Wayne St
>>>>> Suite 1337
>>>>> Troy, OH 45373
>>>>>
>>>>> On Oct 19, 2014 10:08 AM, "John Thomas" <jtho...@quarnet.com> wrote:
>>>>>
>>>>>> Or you can buy a wildcard for a few hundred dollars and use it on all
>>>>>> your devices.
>>>>>>
>>>>>> *Sent from my Verizon Wireless 4G LTE DROID*
>>>>>>
>>>>>> Josh Luthman <j...@imaginenetworksllc.com> wrote:
>>>>>>
>>>>>> Pay for a certified SSL cert for each host. That's 50/device/year.
>>>>>>
>>>>>> Josh Luthman
>>>>>> Office: 937-552-2340
>>>>>> Direct: 937-552-2343
>>>>>> 1100 Wayne St
>>>>>> Suite 1337
>>>>>> Troy, OH 45373
>>>>>>
>>>>>> On Oct 17, 2014 5:43 PM, "Mike Hammett" <wispawirel...@ics-il.net> wrote:
>>>>>>
>>>>>>> Ignore it.
>>>>>>>
>>>>>>> -----
>>>>>>> Mike Hammett
>>>>>>> Intelligent Computing Solutions
>>>>>>> http://www.ics-il.com
>>>>>>>
>>>>>>> ------------------------------
>>>>>>> *From: *"~NGL~" <n...@ngl.net>
>>>>>>> *To: *"WISPA General List" <wireless@wispa.org>
>>>>>>> *Sent: *Monday, October 13, 2014 7:18:08 PM
>>>>>>> *Subject: *[WISPA] security certificate
>>>>>>>
>>>>>>> There is a problem with this website's security certificate.
>>>>>>>
>>>>>>> How do I correct this problem? I get this almost every time I log in
>>>>>>> to a Ubiquiti radio.
>>>>>>>
>>>>>>> NGL
>>>>>>>
>>>>>>> If you can read this Thank A Teacher.
>>>>>>> And if it's in English Thank A Soldier!
>>>
>>> --
>>> Best Regards,
>>> Jon Hebb
>>> Hebb Networks
>>>
>>> www.hebbnetworks.com
>>> Cell: 304.680.6777
>>> Office: 304.460.5533
_______________________________________________
Wireless mailing list
Wireless@wispa.org
http://lists.wispa.org/mailman/listinfo/wireless
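
The private-root approach discussed in this thread, as an added example that is not part of any poster's message: a sketch with the OpenSSL command line (the thread itself mentions a Linux box or the Windows CA service) that creates a root, issues a device certificate carrying an internal name and IP address as SANs, and checks it against that root. The organization name, `ap1.wisp.internal` and `192.168.1.20` are constructed values.

```sh
#!/bin/sh
# Added example: private root CA issuing a cert for an internal name and IP.
# Constructed values: "Example WISP", ap1.wisp.internal, 192.168.1.20.
# -nodes leaves keys unencrypted for the demo; protect the CA key in real use.
set -eu

make_root_ca() {            # $1 = working directory
  cat > "$1/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
O = Example WISP
CN = Example WISP Internal Root CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
subjectKeyIdentifier = hash
EOF
  openssl req -x509 -config "$1/ca.cnf" -newkey rsa:2048 -nodes -sha256 \
    -days 3650 -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

issue_device_cert() {       # $1 = dir, $2 = internal DNS name, $3 = IP
  openssl req -new -config "$1/ca.cnf" -newkey rsa:2048 -nodes \
    -subj "/CN=$2" -keyout "$1/dev.key" -out "$1/dev.csr" 2>/dev/null
  # Browsers match on subjectAltName, so the name and the IP both go there.
  printf '%s\n' "basicConstraints=CA:FALSE" \
    "keyUsage=digitalSignature,keyEncipherment" \
    "extendedKeyUsage=serverAuth" \
    "subjectAltName=DNS:$2,IP:$3" > "$1/dev.ext"
  openssl x509 -req -in "$1/dev.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
    -CAcreateserial -sha256 -days 365 -extfile "$1/dev.ext" \
    -out "$1/dev.crt" 2>/dev/null
}

check_device_cert() {       # succeeds only if chain, name and IP all match
  openssl verify -CAfile "$1/ca.crt" -verify_hostname "$2" \
    -verify_ip "$3" "$1/dev.crt" >/dev/null 2>&1
}

work=$(mktemp -d)
make_root_ca "$work"
issue_device_cert "$work" ap1.wisp.internal 192.168.1.20
check_device_cert "$work" ap1.wisp.internal 192.168.1.20 && echo "trusted"
check_device_cert "$work" other.wisp.internal 192.168.1.20 || echo "name mismatch rejected"
```

Only `ca.crt` is distributed to clients (for example through Group Policy or MDM, as described in the thread); `ca.key` stays on the CA host.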