Musings on Digital Identity

The Certificate Odyssey

I was just reading Ryan Janssen‘s post Becoming an RP with the Pamela Project (pt. 1) and when I got to the end where he wrote “Since it’s going to take a few hours to get my SSL cert issued and installed, I think I’ll post this and go outside for a break!” it reminded me of the certificate odyssey I went through in April last year. After eventually getting the certificate created and installed, I wrote this about it at the time to Stuart Kwan (hip Internet terminologist):

Getting and installing the certificate was an unbelievable odyssey. It was an *incredibly complicated* process, that in my case, involved many visits to Network Solutions’ and GoDaddy’s support sites, several hours of my afternoon on Saturday, using cryptic openssl commands on Linux to create a key pair and a cert signing request (and later to strip the password off the key pair so Apache would start without the password), lots of help on IM from Pam Dingle, and the creation or use of 6 different passwords. Oh, and the cert wasn’t even installed by that point!

And it would have been *so easy* to get any of the steps wrong and have a cert request that was incorrect or to obtain a cert that didn’t do what I wanted it to. I understand the value that certificates provide (and it’s substantial). But we, as an industry, haven’t exactly made it easy for people to obtain and use them…

I’m tempted to blog about that, but I won’t… :-)

But seeing that Ryan is about to go through the same odyssey, I’ve reconsidered, hence this post. I’m now eagerly awaiting part two of his description to see how his experience compares to mine.

Of course, now that CardSpace and other identity selectors have support for no-SSL sites, hopefully this will be an optional odyssey soon — employed only when the security benefits of SSL certificates are called for. I know that Pamela plans to add no-SSL support to PamelaWare for WordPress soon, so after that, the pain that I went through and that Ryan’s in the midst of during a beautiful sunny day on the Lower East Side can be a thing of the past.

Previous

CA Announces Support for Information Card Authentication in SiteMinder

Next

IBM Product Release for Information Cards and OpenID

2 Comments

Leave a Reply

Powered by WordPress & Theme by Anders Norén