Home | Penn State SSL Server Certificates Group Program |

SSL Server Certificates

Academic Services and Emerging Technologies (ASET), a unit of Information Technology Services (ITS) at Penn State, obtains digital server certificates for both development and production servers primarily from two sources. Neither has any affiliation with Penn State, ASET or ITS other than as suppliers of such certificates. Each vendor offers their own products, documentation and support. ASET is providing the following information so that members of the University community may benefit from its experience.

Test and Development

CACert is a free, nonprofit certificate authority based in Sidney Australia and is used around the world. Currently, CAcert's certificates are not built in to any of the major Web browsers or e-mail clients, so their root certificate must be imported by each user to avoid warning messages. CACert provides resources on their Web site for this purpose. Until/unless CAcert's root certificate is distributed with clients, their server certificates are probably not appropriate for general production if only due to user support issues. ASET finds CAcerts very useful for test, development, and a few, very limited access production servers. For additional information, please refer to the NewsForge article, "CAcert certificates offer free security."

Production

ASET's production servers currently us certificates from Thawte Technologies. Thawte is a commercial certificate authority owned by Verisign, based in South Africa. Beginning in March 2004, ASET made its account with Thawte available to others at Penn State. By consolidating purchasing power, ASET is able to obtain ever-improving quantity discounts and faster turnaround time for certificate creation. Anyone with servers in the psu.edu domain may request access to a certificate through the Penn State SSL Group Purchase Program.

As mentioned above, the products, documentation, and support are provided by Thawte. The certificate a user receives is identical to what one would obtain through conventional retail channels; however, the turnaround time is much faster and the cost is much lower due to ASET's bulk purchase of these certificates.