DigiCert partnership enhances SSL security on Wikimedia sites

Translate this post

The Wikimedia Foundation today announced a partnership with DigiCert, Inc. based in Linden, Utah, to secure its web and mobile properties, using the company’s Enterprise SSL Managed PKI. The agreement supports online authentication and encryption on Wikimedia’s web and mobile properties, while enabling Foundation staff to streamline digital certificate management.

“The Wikimedia Foundation is grateful for this partnership with DigiCert, which will enhance our ability to secure the millions of online exchanges that occur with our websites each day,” said CT Woo, Director of Technical Operations for the Wikimedia Foundation. “It’s important for Wikimedia to identify like-minded partners that value transparency and the privacy of our users.”
DigiCert is an online security provider for many of the most recognized companies and web sites in the world, including four of the top 10 comScore-ranked sites. With 489 million unique visitors to the 285 language Wikipedias and sister sites each month, the Wikimedia Foundation seeks partners who share its mission to ensure transparency and privacy for its users.
DigiCert has seen consistent growth over time and is currently the world’s third-largest provider of enterprise authentication services and digital certificates, with numerous government, educational and business clients around the world.
“DigiCert is pleased to partner with the Wikimedia Foundation in recognizing the importance of the free and secure flow of information across the Internet and to support the Foundation’s mission,” said DigiCert CEO Nicholas Hales in a press release. “We’re excited to have another opportunity to demonstrate the quality, scalability and flexibility of DigiCert’s products for a continually expanding roster of globally leading organizations of all sizes and industries.”
CT Woo, Director of Technical Operations

Archive notice: This is an archived post from blog.wikimedia.org, which operated under different editorial and content guidelines than Diff.

Can you help us translate this article?

In order for this article to reach as many people as possible we would like your help. Can you translate this article to get the message out?

Inline Feedbacks
View all comments

Interesting. I’m curious to know whether open source projects were considered in selecting the WMF’s SSL provider (were options such as OpenSSL considered?), and also how the selection process was organised (was there a RfP or tendering process?).
Also, would the WMF be able to share how much this commercial solution costs?

I agree with Mike Peel. The announcement is lacking some details.

Our biggest challenge when selecting the SSL provider was to find someone willing to custom-make one for us, specifically, a certificate that supports both wildcard.domain name as well as wildcard.subject alternative name. All SSL vendors do provide the *. feature and only 2 entertained the idea of issuing a custom wildcard SAN. Given our URL structure and the number of languages we support, not having an SSL certificate with wildcard SAN is a major issue.
Unfortunately the contract prohibits us from disclosing the cost, however we got a good deal.

Having a vendor to support the specifics that WMF is required makes certainly sense but on the other hand not being able to disclose particulars of the contract is somehow disturbing.
Notions like “we got a good deal” have to been put into relations as that to what “good” means. Fundraising money is used to serve the contract but it should be clear on which terms that will happen and a bit more transparency should work for both DigiCert, and WMF.

Why is Wikimedia not having their own SSL-Service… i mean Wikimedia is big enogh to provide such a service, maybe for other open source projects too?