Re: [Discuss] ssl certs
From: discuss-bounces+blu=nedharvey@blu.org [mailto:discuss- bounces+blu=nedharvey@blu.org] On Behalf Of Stephen Adler I got sucked into buying an ssl certificate from godaddy for $12.99 a month which it turns out is for the first one and then it goes to $70/year after that. What's the cheapest ssl certificate I can get? Besides a self signed one. I don't know what you did there, but - As others have pointed out, you can get free certs from startssl.com. This is what I use most of the time. But don't make a mistake. You have to pay for revokations. Also, there are various limitations on the free certs - they're not the strongest level (they're pretty weak), and they're only good for a year, and only good for one machine, and ... You can't renew early. So you can't consolidate expiration dates if you manage a bunch. And stuff like that. But aside from that, I think you're doing something wrong with godaddy too. Because of the limitations of startssl (and the fact that not EVERY client trusts startcom) Most trust startcom, but sometimes I find cell phones or various other applications that don't accept them, etc... Anyway, point is, once in a while I'll have to go get something other than startcom, and then I normally use godaddy. I expect to pay something like $20 or $30 per year. And it doesn't go up year after year. Not significantly. So if you care, I suggest calling them and asking what you're doing wrong. (Their phone support is actually quite excellent. Relatively speaking.) ___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss
Re: [Discuss] ssl certs
From: discuss-bounces+blu=nedharvey@blu.org [mailto:discuss- bounces+blu=nedharvey@blu.org] On Behalf Of Brendan Kidwell In an era where there are hundreds or thousands of uncounted and unregulated certificate providers that (AFAIK) can sign a cert for any domain in the world, Ummm... One of us doesn't know what you're talking about. ;-) If you go into any client (firefox, etc) or OS, there is a list of trusted root CA's. For example right now I'm looking at Chrome Settings/Under the Hood/Manage Certificates/Trusted Root CA. There are 34 roots listed. This is very far from hundreds of thousands. Anything not signed by one of these 34 would be untrusted by my browser, so even if there are hundreds of thousands of organizations out there claiming to be an authority, that's not what matters. My browser trusts 34 authorities, and no more. ___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss
Re: [Discuss] ssl certs
From: discuss-bounces+blu=nedharvey@blu.org [mailto:discuss- bounces+blu=nedharvey@blu.org] On Behalf Of Jack Coats You might check to see if you could get a cert from cacert.org You can find people in your area that could generate a cert for you. At one time I thought CACERT finally made it into the big time of cert authorities so their certs should be valid everywhere now. So... The list of trusted root authorities varies from client to client. If you were being really diligent (unrealistically) you would gather all the lists of trusted roots from all the clients you care about, and then find the intersection of them all, and choose one of the CA's that meets your needs. But in reality, you're just going to pick one without doing all that OCD diligence. Maybe you'll look at *one* client list, as a starting point. At least in Windows Chrome, CACert is not one of them. Unless, perhaps, they sign under some other name. For example, startssl signs under the name startcom. Verisign = Verisign. Godaddy=Godaddy. Thawte=Thawte. For the most part, it's pretty easy to find a specific CA based on the name of their CA trusted root cert. I don't see anything that seems suspiciously similar to CACert. ___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss
Re: [Discuss] ssl certs
On Sat, Mar 31, 2012 at 2:40 PM, Ward Vandewege w...@pong.be wrote: On Sat, Mar 31, 2012 at 01:21:04PM -0400, Stephen Adler wrote: $70/year after that. What's the cheapest ssl certificate I can get? Besides a self signed one. http://startssl.com Free, but the interface is a bit clunky. They don't hold your hand, but I had no trouble or complaints setting up a Startssl.com certificate for my VPS. See https://vicky.glump.net for an example deployment if want to see what their cert looks like. In an era where there are hundreds or thousands of uncounted and unregulated certificate providers that (AFAIK) can sign a cert for any domain in the world, the AUTHENTICATION provided by the system as a whole is worthless, so why pay for it? (Note, I am not actually responsible for any enterprise deployments of an SSL certificate right now, so that makes me not an expert.) ___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss
Re: [Discuss] ssl certs
You might check to see if you could get a cert from cacert.org You can find people in your area that could generate a cert for you. At one time I thought CACERT finally made it into the big time of cert authorities so their certs should be valid everywhere now. Might be worth a check. ... Jack ___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss
Re: [Discuss] ssl certs
Guys, I got sucked into buying an ssl certificate from godaddy for $12.99 a month which it turns out is for the first one and then it goes to $70/year after that. What's the cheapest ssl certificate I can get? Besides a self signed one. Thanks for the advice. A couple of years ago, my previous company got a godady cert, which worked fine and all, but not all the customer's browsers recognized it. We eventually had to pony up for a Network Solutions cert. The moral of the story: look at the ssl authorities your projected customers accept (based on age of the browsers and OS) and pick from one of those. If it is a web site, you sort of need to pay the cash. If it is just your stuff, roll an Inno Setup to install your cert on Windows. Seriously, I think the whole ssl authority model is fucked up, but that is a whole new level of discussion. Cheers. Steve. ___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss ___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss
[Discuss] ssl certs
Guys, I got sucked into buying an ssl certificate from godaddy for $12.99 a month which it turns out is for the first one and then it goes to $70/year after that. What's the cheapest ssl certificate I can get? Besides a self signed one. Thanks for the advice. Cheers. Steve. ___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss
Re: [Discuss] ssl certs
On Sat, Mar 31, 2012 at 01:21:04PM -0400, Stephen Adler wrote: Guys, I got sucked into buying an ssl certificate from godaddy for $12.99 a month which it turns out is for the first one and then it goes to $70/year after that. What's the cheapest ssl certificate I can get? Besides a self signed one. http://startssl.com Free, but the interface is a bit clunky. Thanks, Ward. -- Pong.be -( Free Software as in free speech, not free beer. Think )- Virtual hosting -( of freedom, not price. -- Richard Stallman )- http://pong.be -( )- GnuPG public key: http://pgp.mit.edu ___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss