Follow-up on SSL Certificate Authorities

July 17, 2008 – 7:58 am

Just a quick follow-up on my previous post regarding choosing a certificate authority (CA). I ended up picking Digicert as our CA. They are used by a number of large companies, and the reviews were very positive. We went with a Unified Communications certificate for our Exchange 2007 server, and then a wildcard certificate for our portal and VPN. I’ve only installed it for our VPN and Portal, as I am waiting for this weekend to test out the certificate on Exchange, but so far it seems to be working great. Digicert called me to follow up right after I purchased (even before their email arrived), and their verification process was painless. I would definitely recommend them if you are in the market for certificates.

Also, I wanted to link to a good blog post on SSL certificates by a guest writer on Standalone Sysadmin. It’s a great warning to do your due diligence before using an SSL certificate from a third party.

Choosing an SSL Certificate Authority

July 12, 2008 – 9:29 am

Right now we’re in the process of going through a rebranding, with a new firm name, logo, and website. As part of that process, we have registered several new domain names and need to purchase new SSL certificates for our webmail, SSL VPN, and client portal website. Previously I used GoDaddy for our webmail site (OWA), but as I’ve been researching I’ve realized that certificates have gotten much more complicated over the past few years.

The first challenge is picking a Certificate Authority (CA). Pick the wrong one, and at best your users will get a warning that the certificate is not trusted. At worst, their application just won’t work: a non-browser client such as a phone’s mail sync agent usually has no way to click through a trust warning when the CA’s root certificate is missing from its trust store. After using GoDaddy, I realized several things. One is that GoDaddy’s root CA isn’t recognized on Windows Mobile 5 devices. This meant I had to manually install the certificates on all of our older Motorola Q phones. Second, Windows Mobile 5 doesn’t recognize wildcard certificates, which leads to my next challenge. There is also a huge discrepancy in pricing between CAs. VeriSign, which has the most brand recognition, is easily 3-5 times more expensive than GoDaddy or other cheaper CAs. You may pay more in the long term, however, as GoDaddy doesn’t allow reissuing certificates like some of the more expensive CAs do. If you make a mistake in your request (such as the wrong common name), your certificate is effectively worthless.

The second challenge is picking the correct cert. There are basic (single-name), wildcard, EV (Extended Validation), and multiple common or alternate name (SAN) certs. A wildcard cert such as *.company.com is valid for subdomains of company.com, but only one label deep: it covers mail.company.com, not company.com itself and not a.b.company.com. EV certificates were introduced in 2007 to help fight phishing attacks; they are a more expensive certificate that requires a much more rigorous validation process, and modern browsers (Firefox 3 and IE7+) show them with green shading on the address bar. Multiple-name certs (Subject Alternative Name certs, sold for Exchange 2007 as Unified Communications certs) allow you to protect several explicitly listed hostnames, but not all subdomains, with one certificate.
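The naming rules in that paragraph are the ones a TLS client applies when deciding whether a certificate covers the host it connected to, and they are worth seeing in code. The following Python is an added example, not code from the original post or from any CA: the certificate name lists in it are constructed for illustration, and the helper names (cert_covers, uncovered) are my own. It prefers the Subject Alternative Name list, falls back to the Common Name only when there is no SAN list, and lets a wildcard match exactly one leftmost label.

```python
"""Hostname matching against certificate names (added example).

Constructed certificate name lists model the three shapes discussed
above: a wildcard cert, a multi-name (SAN / Unified Communications)
cert, and a legacy single-name cert with only a Common Name.
"""
import re

# Constructed for illustration; not taken from any real certificate.
WILDCARD_CERT = {"san": ["*.company.com"], "cn": "*.company.com"}
SAN_CERT = {"san": ["mail.company.com", "autodiscover.company.com",
                    "portal.company.com"], "cn": "mail.company.com"}
BASIC_CERT = {"san": [], "cn": "webmail.company.com"}  # CN only, no SAN

# A DNS label: letters, digits and inner hyphens only.
_LABEL = re.compile(r"^[a-z0-9](?:[a-z0-9-]*[a-z0-9])?$")


def _match_name(pattern: str, hostname: str) -> bool:
    """Match one certificate name (possibly wildcarded) against a hostname."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        # A wildcard stands for exactly one label, so *.company.com can
        # never cover company.com (too short) or a.b.company.com (too long).
        return False
    first, rest = p_labels[0], p_labels[1:]
    if first == "*":
        # The wildcard must be the whole leftmost label and must not sit
        # at the TLD level (*.com is rejected); the hostname's own leftmost
        # label must be a well-formed DNS label.
        if len(p_labels) < 3 or not _LABEL.match(h_labels[0]):
            return False
        return rest == h_labels[1:]
    if "*" in pattern:
        # Partial (w*.company.com) or non-leftmost wildcards are not honoured.
        return False
    return p_labels == h_labels


def cert_covers(cert: dict, hostname: str) -> bool:
    """True if the certificate's names cover hostname.

    SAN entries take precedence; the Common Name is only consulted as a
    legacy fallback when the certificate carries no SAN list at all.
    """
    names = cert["san"] if cert["san"] else [cert["cn"]]
    return any(_match_name(n, hostname) for n in names)


def uncovered(cert: dict, hostnames: list) -> list:
    """Return the hostnames that this certificate would NOT cover.

    Useful before buying: list every name a service answers on and see
    which ones a wildcard or a given SAN list leaves out.
    """
    return [h for h in hostnames if not cert_covers(cert, h)]


if __name__ == "__main__":
    needed = ["mail.company.com", "autodiscover.company.com",
              "company.com", "a.b.company.com"]
    print("wildcard leaves out:", uncovered(WILDCARD_CERT, needed))
    print("SAN cert leaves out:", uncovered(SAN_CERT, needed))
```

Running the block prints which of the constructed hostnames each certificate shape fails to cover; the wildcard leaves out the bare domain and the two-level subdomain, while the SAN cert leaves out anything not explicitly listed.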

All of this leads me to the question: how do you choose an SSL certificate? Choosing the CA is obviously important, but you also have to ensure you pick the right certificate type. I haven’t decided who I am going with this round, but I know it won’t be GoDaddy.

Old Is New

March 26, 2008 – 8:17 pm

I decided to scrap the site I had written from scratch for now. It was functional and worked, but updating and making design changes took a lot of work. Until I have time and motivation to change the code, I chose to relaunch using WordPress. This will (hopefully) allow me to focus on the content until I can revisit the presentation.

Speaking of presentation (look at that smooth segue), I was doing some work on the interface today for a C# program for work and stumbled upon Yahoo!’s Design Pattern Library. It’s a catalog of common interfaces, the problems they attempt to solve, and a discussion on the pros and cons. It’s certainly not the only pattern library available, but it has a fairly extensive collection with good examples. Many, if not most, of the designs should be familiar to you, as they grace a number of websites.