2sk21 | 1 year ago

When it comes to certificates, mess-ups happen frequently in big companies. When I worked at IBM, I initially had the responsibility for obtaining and renewing the code signing certificate for a Java applet that we used in our product. I handed off the responsibility to another employee when I left that group. I was on vacation in the middle of nowhere when I got a panicked call from the product manager asking me to renew the certificate as the employee had quit. I had to spend half a day walking someone through the renewal process - ruined my day.

jmclnx|1 year ago

I feel for you. When I worked at IBM, I was surprised they did not have a "known" central authority for creating/maintaining certs. We tried to find if one existed, but no luck.

In the Dept I was in, it was expected the downstream system people would create the certs, and of course I would say 85% of them did not even know what a cert is. When renewal time came, we got blank stares when we mentioned the private cert. Or the person who created the cert left and never trained their replacement. Crazy situation.

I hope things changed since I left.

2sk21|1 year ago

Yeah - it was pretty chaotic when I was there too. We had to use the internal purchase order system to buy certificates from a CA. It was cumbersome as it required several levels of approval. I have long since quit IBM thankfully and had forgotten all about it until I saw this post today :-)

surfingdino|1 year ago

I have certificate-related horror stories from projects in the past. It takes a long time to train people to care for all the details and renewals. I spent weeks trying to get an upset client to understand that they messed up CSRs and have to ask the CA to issue new ones. The client refused to accept the simple fact that they made a mistake and wanted an exception to how PKI works.

4ggr0|1 year ago

i'm sure that i've spent a large part of my time trying to figure out why certs weren't working, converting them from one format to another and randomly having to try things until they work.

just today i had to fix our internal certs because for the new ones someone forgot to include the intermediate cert in the chain, making it impossible to use a specific CLI tool. web browsers didn't complain, just the CLI sync tool :)