Encrypt Your Internet Transmissions
New Service for Campus Web Server Administrators
by Bob Ono, Campus IT Security Coordinator
Need to Transmit Confidential or Sensitive Information Over the Web?
Whether you're supporting Intranet or Internet services, you may be wondering how to safely transmit confidential or sensitive information between your Web server and a client browser. One of the commonly used methods for moving such information over the public Internet is to encrypt the traffic between the department Web server and the end-user browser. This encryption is provided by Secure Sockets Layer (SSL).
In order to use SSL, the Web server must possess a digital certificate. UC Davis has made this process easy and inexpensive. In the past, UC Davis used Verisign's on-site program for this purpose. Recently, we identified a Verisign subsidiary, Thawte, that would offer similar services to UC Davis but charge only a discounted $100 per certificate compared to Verisign's $250. (The Thawte price will rise in fall 2002 to $149 for a new certification and $119 for a certificate renewal.) As a result of this more attractive pricing, the campus entered into an agreement with Thawte this spring.
Presently, a Web server administrator must email a certificate signing request (generated by the Web server), administrator contact information, and a DaFIS seven-digit account code, plus sub-account code if necessary, to security@ucdavis.edu. As part of this enrollment process, Information and Educational Technology (IET) verifies the domain of the Web server (e.g., ucdavis.edu) and the right of the organization requesting the certificate to use the domain name. This enrollment process is done without purchase requisitions or purchase orders. UC Davis pre-purchases Web server digital certificates and, after authorizing the certificate, processes a DaFIS distribution of expense to the requesting campus department.
Shortly afterwards, Thawte will notify you of the certificate approval and transmit the certificate to you. The time between your completion of the certificate request and certificate issuance will range between two and twelve hours.
IET will initiate a DaFIS reimbursement for the certificate shortly after verifying the information you submitted. Please keep in mind that you need to safeguard the private key that is generated when you create the certificate signing request (CSR). The certificate cannot function without that private key. If you lose the private key, you will need to reorder the certificate. There is no reissue cost for the replacement certificate.
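The following is an added example, not part of the original article and not an IET or Thawte procedure. It shows one way to create the key and CSR with the OpenSSL command-line tool so that the key file is readable only by its owner, and to confirm later that a CSR or an issued certificate belongs to the key you kept. The hostname, subject fields, file names and function names are constructed placeholders.

```shell
#!/bin/sh
# Added example: key and CSR handling with the openssl command-line tool.
# Usage (constructed hostname):  make_csr /etc/ssl/private www.dept.example.edu

# make_csr DIR FQDN: write DIR/server.key and DIR/server.csr.
# -nodes leaves the key unencrypted so the Web server can start unattended,
# which makes file permissions the only protection for the key.
make_csr() {
    dir=$1 fqdn=$2
    ( umask 077    # files created here are never group- or world-readable
      openssl req -new -newkey rsa:2048 -nodes \
          -keyout "$dir/server.key" -out "$dir/server.csr" \
          -subj "/C=US/ST=California/O=Example Department/CN=$fqdn" \
          2>/dev/null
    ) || return 1
    chmod 600 "$dir/server.key"
}

# key_is_private FILE: succeed only if group and other have no access bits.
key_is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# key_matches KEY csr|cert FILE: succeed only if FILE carries the public
# half of KEY. Only the CSR is emailed; the key never leaves the server.
key_matches() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    case $2 in
        csr)  p=$(openssl req  -in "$3" -noout -pubkey 2>/dev/null) ;;
        cert) p=$(openssl x509 -in "$3" -noout -pubkey 2>/dev/null) ;;
        *)    return 2 ;;
    esac || return 1
    [ -n "$k" ] && [ "$k" = "$p" ]
}
```

Running `key_matches server.key cert server.crt` when the certificate arrives confirms that the key on disk is the one the certificate was issued for before the Web server is reconfigured.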
If you have questions about the new enrollment process for Thawte digital Web certificates, please contact Robert Ono, the campus IT Security Coordinator, at security@ucdavis.edu or 530-754-6484.