Hello,

Every couple of months, I see companies in the high-tech industry (that are building high-tech products themselves) struggle with workarounds for self-signed SSL certificates that somehow "magically" made their way to production systems. One special case in that row of stupidity is Traveler servers. Even a moron of an admin can install and configure them, install a self-signed SSL certificate and put it out in public. And then put the IT Director's phone on it. And it works. He (being the great IT Director) tells all his management colleagues, who own $650 smartphones from Samsung or Apple by the dozens, how easy it is to hook up to Traveler. And all of a sudden, the PoC server of our moron admin becomes the production server that has to be available all the time.
Now, someone in the IT department tells the admin to ask for a wildcard SSL certificate that would cost the same as an upper-class smartphone for a year - guess what happens: the IT Director denies the money. Too expensive. Works fine now, eh? Why bother?
And of course the stupidity continues on like that - can't we send our email to our provider via SSL using a self-signed certificate? Yay, that works as well! A great step forward for your mail safety. Until someone from outside the company starts sending mails about how to buy Viagra and much nastier stuff via your provider's email server in your name, because your provider still trusts self-signed certificates that pretend to be you. Outrageous!
Does our moron admin know about this? Well, it depends. He starts to think that something is fishy here when emails don't get delivered to external mail domains any more. Because your domain is skyrocketing up the spam lists. Then, all of a sudden, you can't send any mails anymore, because your provider stops accepting your self-certified SSL certificate. And your IT Director doesn't get his latest invitation to a golf tournament anymore. Oh boy, we are so f****d up!
Sounds familiar? Well, we got called to three different companies who acted like this in this year alone. Guess who got fired for that chain of disasters? The ISP that accepted the self-signed certificates for mails in the first place because the customers asked them to, no, begged them on their knees not to let the company die because of the high-priced SSL certificate.

Repeat after me - you get what you pay for.

Heiko.

P.S.: One of these companies is now moving their mail to Gmail. Needless to say, they are developing high-tech products and send beta designs from their customers back and forth by email. They have signed NDA agreements for those design betas because their customers don't want third parties to see them. But man, it's that cheap, how can you possibly go wrong?! And we got rid of our moron admin as well, because our secretary can manage the email accounts now, how cool is that?!
Heiko Voigt | 1 August 2014 18:05:14 | SSL, Domino, Traveler