OK, thanks for explaining the Service Alert. I read it thrice and apparently wasn't understanding that it was ONLY for outside servers. The way it was worded it sounded like "we're upgrading, and other servers will need to be upgraded too, here are instructions that we're going to mass mail everyone with a certificate attached."
I'm curious though, who determined the list of recipients for that email? I had a few users call to ask me about that message, users that should stay as far away from the servers as possible.
Jon Galbreath, MCSE
Systems Administrator
International Studies and Programs
Helpdesk: 517-884-2148
Ph: 517-884-2144
[log in to unmask]<mailto:[log in to unmask]>
From: [log in to unmask] [mailto:[log in to unmask]] On Behalf Of Carl Bussema III
Sent: Tuesday, January 10, 2012 3:56 PM
To: Jon Galbreath
Cc: [log in to unmask]
Subject: Re: [MSUNAG] Sentinel certificate update
Reading the service alert, it looks like you need to worry about this ONLY if you are running your own SENTINEL server (not using AIS', something I didn't even know was an option). That should have been spelled out in the message, which I initially took for somewhere between mistake (optimistic) and malicious (pessimistic). " Clients of AIS who have servers with Sentinel installed that are not housed with AIS will need to upgrade themselves."
That doesn't answer "Why isn't AIS using a recognized certificate authority with root certificates that computers already trust?" But 50% isn't bad, right?
Carl Bussema III
Information Technologist
Michigan State University Outreach & Engagement
Phone: (517) 353-8977 * Fax: (517) 432-9541
[log in to unmask]<mailto:[log in to unmask]>
On Tue, Jan 10, 2012 at 3:49 PM, Jon Galbreath <[log in to unmask]<mailto:[log in to unmask]>> wrote:
Uh, why are we being asked to install a questionable certificate on individual machines? Why isn't AIS using a recognized certificate authority with root certificates that computers already trust?
Jon Galbreath, MCSE
Systems Administrator
International Studies and Programs
Helpdesk: 517-884-2148<tel:517-884-2148>
Ph: 517-884-2144<tel:517-884-2144>
[log in to unmask]<mailto:[log in to unmask]>
From: AIS.HELP.DESK [mailto:[log in to unmask]<mailto:[log in to unmask]>]
Sent: Tuesday, January 10, 2012 3:22 PM
To: lots of names
Subject: Sentinel certificate update
Hello,
The purpose of this email is to provide instructions and the file to install the update to your Sentinel server as posted in the service alert at http://servicestatus.msu.edu/status_summary.php. Please read the instructions below and contact the AIS Service Desk at 517-884-3000<tel:517-884-3000> with any questions.
1. Save the attached Certificate file locally to your server with file name x_msu.edu.cer.
2. Double-click it to install.
a. From the General tab, click the Install Certificate button.
b. Click Next and at the Certificate Store screen,
i. Select Place all certificates in the following store radio button.
1. Click the Browse button.
2. Select Trusted Root Certification Authorities from the Select Certificate Store pop-up window.
a. Click the OK button.
ii. Click Next and Finish to complete the setup.
c. Click the Install Certificate button.
d. Click Next and at the Certificate Store screen,
i. Select Place all certificates in the following store radio button.
1. Click the Browse button.
2. Select Third-Party Root Certification Authorities from the Select Certificate Store pop-up window.
a. Click the OK button.
ii. Click Next, Finish and OK to complete the setup.
Thank you,
AIS Service Desk
Michigan State University
(517) 884-3000<tel:%28517%29%20884-3000>
