Certificate authority

Q

Is there a really good reason why UCAR does not purchase and maintain a signed key by a certificate company? It is a bad security policy to have a self-signed certificate for production websites, and from what I understand the cost is not prohibitively expensive. If we can afford to partner with Boulder B-cycle and build/retrofit two new buildings, why can’t we afford the few dollars it takes to have industry standard protection? It would also avoid the wasted time when trying to access UCAR items in this way.

Answered on August 03, 2011

A

The Web Engineering Group started providing an SSL certificate service in December 2010 using DigiCert, a trusted certificate authority in all Web browsers and mail clients. We were able to finally negotiate a reasonable institution-wide annual cost for this service thanks to downward pressure on educational pricing in the SSL certificate industry. You can email a request to be set up as a DigiCert SSL certificate administrator to cislhelp@ucar.edu.

Documentation on the service is available here.

The URL you provided is an example of the old UCAR Web authentication system that is currently being replaced with a new Web cluster that uses a Kerberos module instead. As we migrate more and more UCAR websites to this new infrastructure in the months ahead, the load certificate Web page that you referenced will no longer appear.

Markus Stobbs
Web Engineering Group Head