PDA

View Full Version : Certificate



FAB
28-01-2011, 03:43 PM
Just heard from someone who was sent an invoice from their IT company to renew the cert on their SBS server...$5,000.

Hmmmmmm

Erayd
28-01-2011, 03:57 PM
Renew the certificate for what? As far as I'm aware, SBS is a one-off purchase (as are CALs), and there isn't any kind of subscription involved.

Are you sure they weren't purchasing another Windows Server version, rather than renewing their existing one?

inphinity
28-01-2011, 04:12 PM
Is there a question here? Is there any more specific info? Could easily be a higher-end, longer-duration SSL certificate with extras for that price.

Erayd
28-01-2011, 05:24 PM
That's a good point, it may not be SBS that they're paying for.

CYaBro
28-01-2011, 05:37 PM
Microsoft Software Assurance agreement or something like that perhaps?
Which isn't compulsary to renew AFAIK.

mikebartnz
28-01-2011, 09:42 PM
or possibly a scam

nedkelly
29-01-2011, 09:58 AM
could be authentication certificate

FAB
31-01-2011, 07:41 AM
Sorry should have been more specific - was pi$$ed off and just posted a short message. Just an SSL cert that you can pick up for what... US$50 on godaddy?

Erayd
31-01-2011, 08:37 AM
Seriously? They charged $5k for a bog-standard, normal, not special in any way SSL certificate with a standard expiry (one or two years)?

That's a pretty significant breach of trust, and possibly illegal.

FAB
31-01-2011, 09:14 AM
Yup - I was quite stunned. They *wanted* to charge $5k, luckily I saw the invoice and put a stop to it. I've advised the client to go to another IT provider based on that invioce, plus some other 'discrepancies'.

inphinity
31-01-2011, 09:41 AM
To play DA, are you sure it was just a standard SSL cert? A multi-year cert with site/publisher authentication and multiple SANs could easily be close to $5k. In fact one of the certs we manage is provided by Verisign and for 3 servers with 4 SANs its something like $50k/2years.

FAB
31-01-2011, 09:48 AM
Totally sure. The client has 11 staff (!) all based on one office - the cert was for remote access so users didn't get the cert error message. They have a single SBS server, no SAN.
They have been spending about $5k a month (yes, unbelievable) on IT support and services from a single company, the client is a not-for-profit and it's sucking all the money they need to actually deliver the service they are supposed to be. Hopefully from this point on they will take my advice and move on to another provider.

Erayd
31-01-2011, 10:33 AM
Yikes... not only does that merit switching providers ASAP, I'd also recommend they get their systems audited in case the previous contractor left any nasties behind (backdoor accounts / VPN access etc).

Don't tell the contractor they're fired until *after* you've had someone else lock them out of the system and made sure there aren't any sneaky ways for them to get back in.

This also warrants a lawsuit if they can be bothered with one... $5k/month for 11 staff & one SBS install is *way* out of line, unless they have some very unusual requirements.