* Andy Swiffin <[log in to unmask]> [2009-12-07 18:33]:
> I know a number of people here use EZProxy, what certificates are
> you using with it? We obtained one of the free wildcard ones from
> IPSCA, but I've just heard that the "root certificate used to sign
> certificates from ipsCA, "IPS SERVIDORES", will expire 29th December
> 2009". Sure enough, if I look at the "trusted root
> certification authorities" in IE I see that date.
FWIW, in the past I've configured an EZproxy instance with https but
it used plain HTTP for those zone entries (*.ezproxy.example.ac.uk).
So no need for a wildcard certificate at all.
Login was via Shibboleth/SAML and over SSL (you still want an SSL-cert
on that service, so those HTTP POST requests from an IdP that carry
the SAML assertion still end up at HTTPS endpoints -- otherwise
browsers will complain), but the rest was accessed via plain HTTP
(using an HTTP cookie that's not flagged 'secure', obviously).
cheers,
-peter
--
[log in to unmask] - vienna university computer center
Universitaetsstrasse 7, A-1010 Wien, Austria/Europe
Tel. +43-1-4277-14155, Fax. +43-1-4277-9140
|