>>>> Thomas Schmidt <tom@opensuse.org> 12/9/2011 3:23 AM >>>
>On 08.12.2011 17:00, Matthew Ehle wrote:
>> Hello,
>> I am putting together a budget for certificates next year, and I would like to know about ALL of the
>>openSUSE sites that require SSL. Basically,
>> I am trying to determine if we should get a wildcard or a SAN certificate, and the number of
>>domains that need SSL is a big factor in that.
>> Since the login for the wikis, blogs, and forums happens through a central location now, they no
>>longer need certificates. I think build and api
>> might still need them. I'm not sure about the others.
>> Thank you,
>> Matt
>
>Hi Matt, these sites currently use ssl:
>features.opensuse.org
>build.opensuse.org
>retro.opensuse.org
>connect.opensuse.org
>static.opensuse.org
>beans.opensuse.org
Good, it looks like that certificate renewal timeline is in line with all the other certs I need to take care of. This number of sites is just enough to justify going with a wildcard certificate. In late January, please send me CSRs for these sites, and I'll send you back a 3 year certificate. By the way, DigiCert allows for unlimited duplicates, so send me as few or as many CSRs as you want.
>Not all of them running behind ichain/access manager.
We may want to consider getting them all behind Access Manager. It's up to the admins for those other sites whether the extra features are worth it, but Access Manager has a lot to offer. The big differences between the custom SSO for the above sites and Novell Access Manager are:
SAML/Liberty federation
Acceleration (caching)
SSO with the blogs, wikis, and forums (as well as suse.com and novell.com)
The list goes much longer than that, but I think the above would be the most interesting for what those sites would want or need.