Example of the user interface difference between regular DV SSL and EV SSL in the latest browsers.
https://www.thesslstore.com/blog/google-chrome-changing-ssl-indicators/ https://scotthelme.co.uk/are-ev-certificates-worth-the-paper-theyre-written-on/ I recommend DV certificates for 99% of things *except* billing portals. IMHO worth it to have the full company name + green + padlock in the browser bar when people are entering their personal details. I know it's not actually any more secure, it's a placebo effect. On Mon, Apr 9, 2018 at 1:20 PM, Simon Westlake <simon@sonar.software> wrote: > In 99.9% of cases, EV is useless. If you are going to educate your > customers religiously to look not only for the green padlock, but for your > name in the address bar, maybe it's worthwhile. Most people don't look or > care. Google doesn't have an EV cert. Neither does Microsoft or Facebook. > My power company doesn't. Most insurance companies don't. > > The only place I've seen them used heavily is in the financial sector, and > I'd guess that's more about CYA than technical value. > > ------ Original Message ------ > From: "Eric Kuhnke" <eric.kuh...@gmail.com> > To: af@afmug.com > Sent: 4/9/2018 3:03:38 PM > Subject: Re: [AFMUG] ssl certs > > these days there are essentially two types of SSL cert, DV and EV > > DV = domain validated. anyone can get one. this is the same idea for the > $9 SSL certs and free letsencrypt. you only need to prove you control the > domain/server it's issued for. > > EV = extended validation, you need to prove your corporate identity. > should cost around $85/year. > > EV will result in the big green banner with company name in most modern > web browsers. > > https://www.google.com/search?client=ubuntu&channel=fs&q=EV+ > SSL+certificate&ie=utf-8&oe=utf-8 > > On Mon, Apr 9, 2018 at 11:59 AM, Steve Jones <thatoneguyst...@gmail.com> > wrote: > >> tbh, im not really looking for alternative sources, im asking advice on >> what i need in a certificate >> >> On Mon, Apr 9, 2018 at 1:52 PM, Cameron Crum <cc...@murcevilo.com> wrote: >> >>> ssls.com >>> >>> On Mon, Apr 9, 2018 at 1:02 PM, Steve Jones <thatoneguyst...@gmail.com> >>> wrote: >>> >>>> Im no webdude is the main reason. I know alot of people use it, >>>> phishermen love them. Theyre "trusted, but not verified" which, to no >>>> webdude me, says "IT WILL BECOME UNTRUSTED". I hate godaddy, but theyre not >>>> likely to become untrusted, so its not something id have to deal with with >>>> little to no knowlege. plus I dont understand this 90 day thing >>>> >>>> >>>> On Mon, Apr 9, 2018 at 12:08 PM, Mike Hammett <af...@ics-il.net> wrote: >>>> >>>>> Can you use Let's Encrypt? >>>>> >>>>> >>>>> >>>>> ----- >>>>> Mike Hammett >>>>> Intelligent Computing Solutions <http://www.ics-il.com/> >>>>> <https://www.facebook.com/ICSIL> >>>>> <https://plus.google.com/+IntelligentComputingSolutionsDeKalb> >>>>> <https://www.linkedin.com/company/intelligent-computing-solutions> >>>>> <https://twitter.com/ICSIL> >>>>> Midwest Internet Exchange <http://www.midwest-ix.com/> >>>>> <https://www.facebook.com/mdwestix> >>>>> <https://www.linkedin.com/company/midwest-internet-exchange> >>>>> <https://twitter.com/mdwestix> >>>>> The Brothers WISP <http://www.thebrotherswisp.com/> >>>>> <https://www.facebook.com/thebrotherswisp> >>>>> >>>>> >>>>> <https://www.youtube.com/channel/UCXSdfxQv7SpoRQYNyLwntZg> >>>>> ------------------------------ >>>>> *From: *"Steve Jones" <thatoneguyst...@gmail.com> >>>>> *To: *af@afmug.com >>>>> *Sent: *Monday, April 9, 2018 12:07:04 PM >>>>> *Subject: *[AFMUG] ssl certs >>>>> >>>>> Our current cert for our billing server (powercode) is about to >>>>> expire. For some time web browsers have been throwing up the insecure >>>>> flag, >>>>> probably needed to update it. >>>>> >>>>> What does a guy need in a certificate these days? godaddy is where we >>>>> have it from, they have all kinds of options like green bar guarantee >>>>> cert, >>>>> etc. >>>>> >>>>> I have thought about getting one thats good for more than one page, >>>>> just to get rid of the annoying security screen on our managment port and >>>>> mobile. but the wildcard cert seems more pricey than id prefer for >>>>> something thats just convienient rather than needed >>>>> >>>>> >>>> >>> >> >