Re: SSL Certificates and ... Providers
Yes, some SSL providers (mostly the overpriced ones) like to license their certs on a per-server basis. If you read the contract language, this is how it's written. However, this is strictly a contractual issue, not a technical one. It's just a way to squeeze more money out of people who don't know any better. Speaking strictly from a technical standpoint, there is nothing at all stopping you from using the same cert/keys on as many servers as you'd like. There are SSL providers out there that are reasonable about the whole thing and sell you a cert, not a single-device-license. - Pete On 12/27/2012 2:47 PM, Blake Pfankuch wrote: Ok, so this might be a little off topic but I am trying to validate something a vendor is telling me and hoping some people here have expertise in this area... I am working with a SSL certificate provider. I am trying to purchase a quantity of wildcard SSL certificates to cover about 60 FQDN's across 4 domains. Vendor is telling me that the Wildcard certificates are licensed per physical device it is installed on. This means instead of using a single wildcard across 20 servers, I would have to buy 20 wildcard certs for 20 servers. This does not compute in my brain and also in my mind completely defeats the purpose of a wildcard cert as I know it. Has anyone run into this before? Thanks Blake
Re: SSL Certificates and ... Providers
Many vendors do this and I highly recommend someone like Digicert that won't play the per-machine licensing game with you. Sent from my iPhone On Dec 27, 2012, at 11:47 AM, Blake Pfankuch bl...@pfankuch.me wrote: Ok, so this might be a little off topic but I am trying to validate something a vendor is telling me and hoping some people here have expertise in this area... I am working with a SSL certificate provider. I am trying to purchase a quantity of wildcard SSL certificates to cover about 60 FQDN's across 4 domains. Vendor is telling me that the Wildcard certificates are licensed per physical device it is installed on. This means instead of using a single wildcard across 20 servers, I would have to buy 20 wildcard certs for 20 servers. This does not compute in my brain and also in my mind completely defeats the purpose of a wildcard cert as I know it. Has anyone run into this before? Thanks Blake
Re: SSL Certificates and ... Providers
On Thu, Dec 27, 2012 at 2:47 PM, Blake Pfankuch bl...@pfankuch.me wrote: Ok, so this might be a little off topic but I am trying to validate something a vendor is telling me and hoping some people here have expertise in this area... I am working with a SSL certificate provider. I am trying to purchase a quantity of wildcard SSL certificates to cover about 60 FQDN's across 4 domains. Vendor is telling me that the Wildcard certificates are licensed per physical device it is installed on. This means instead of using a single wildcard across 20 servers, I would have to buy 20 wildcard certs for 20 servers. This does not compute in my brain and also in my mind completely defeats the purpose of a wildcard cert as I know it. Has anyone run into this before? Thanks Blake Blake Many vendors assign to a single IP address. When you send your CSR it is for one server only. Look at some of the public/free CAs to find some unbiased info. You could hide everything behind a proxy/loadbalancer if you want. -- ~ Andrew lathama Latham lath...@gmail.com http://lathama.net ~
Re: SSL Certificates and ... Providers
I did and it was vendor dependent which is why I switched a year and a half ago. TTFN, Larry http://www.linkedin.com/in/llabas On Dec 27, 2012, at 11:47, Blake Pfankuch bl...@pfankuch.me wrote: Ok, so this might be a little off topic but I am trying to validate something a vendor is telling me and hoping some people here have expertise in this area... I am working with a SSL certificate provider. I am trying to purchase a quantity of wildcard SSL certificates to cover about 60 FQDN's across 4 domains. Vendor is telling me that the Wildcard certificates are licensed per physical device it is installed on. This means instead of using a single wildcard across 20 servers, I would have to buy 20 wildcard certs for 20 servers. This does not compute in my brain and also in my mind completely defeats the purpose of a wildcard cert as I know it. Has anyone run into this before? Thanks Blake
Re: SSL Certificates and ... Providers
On Thu, Dec 27, 2012 at 2:47 PM, Blake Pfankuch bl...@pfankuch.me wrote: Vendor is telling me that the Wildcard certificates are licensed per physical device it is installed on. If you stay at a $200 hotel, you pay an extra $10 for Internet access. If you stay at a $40 motel, Internet is included. Same difference. Regards, Bill Herrin -- William D. Herrin her...@dirtside.com b...@herrin.us 3005 Crane Dr. .. Web: http://bill.herrin.us/ Falls Church, VA 22042-3004
RE: SSL Certificates and ... Providers
Thanks everyone for the quick responses. Our stuff is currently through Verisign because of the reliability of the name and the nature of the industry. Any suggestions for who I should look at to replace them with? I know I will be saving money, but looking to keep the name reliability as well. Thawte and GeoTrust have the same per server model, and looking to get away from that. Thanks! Blake -Original Message- From: Blake Pfankuch [mailto:bl...@pfankuch.me] Sent: Thursday, December 27, 2012 12:48 PM To: NANOG (nanog@nanog.org) Subject: SSL Certificates and ... Providers Ok, so this might be a little off topic but I am trying to validate something a vendor is telling me and hoping some people here have expertise in this area... I am working with a SSL certificate provider. I am trying to purchase a quantity of wildcard SSL certificates to cover about 60 FQDN's across 4 domains. Vendor is telling me that the Wildcard certificates are licensed per physical device it is installed on. This means instead of using a single wildcard across 20 servers, I would have to buy 20 wildcard certs for 20 servers. This does not compute in my brain and also in my mind completely defeats the purpose of a wildcard cert as I know it. Has anyone run into this before? Thanks Blake
Re: SSL Certificates and ... Providers
I've found rapidssl wildcards are generally the cheapest (~$120), and are not limited to a number of servers. In practice, neither are the other brands. Ken On 12/27/2012 1:47 PM, Blake Pfankuch wrote: Ok, so this might be a little off topic but I am trying to validate something a vendor is telling me and hoping some people here have expertise in this area... I am working with a SSL certificate provider. I am trying to purchase a quantity of wildcard SSL certificates to cover about 60 FQDN's across 4 domains. Vendor is telling me that the Wildcard certificates are licensed per physical device it is installed on. This means instead of using a single wildcard across 20 servers, I would have to buy 20 wildcard certs for 20 servers. This does not compute in my brain and also in my mind completely defeats the purpose of a wildcard cert as I know it. Has anyone run into this before? Thanks Blake -- Ken Anderson
Re: SSL Certificates and ... Providers
On 12/27/12, Blake Pfankuch bl...@pfankuch.me wrote: It does make no sense, and I would say it is an unusual restriction, but a CA can put any certificate usage restriction they want in their policy, and technically, they have likely included a right to audit and issue out a revokation/CRL for any certificates not following their usage policy: a common example would be a SSL cert used to facilitate phishing.Make your X509 vendor take the language out of the agreement against the use on multiple servers, or buy from one of the many dozens of other certificate providerswho issues wildcards and has no such special restriction on certificate usage in the certificate signing/usage policies. :) Ok, so this might be a little off topic but I am trying to validate something a vendor is telling me and hoping some people here have expertise in this area... I am working with a SSL certificate provider. I am trying to purchase a quantity of wildcard SSL certificates to cover about 60 FQDN's across 4 [snip] -- -JH
Re: SSL Certificates and ... Providers
On Thu, Dec 27, 2012 at 3:37 PM, Blake Pfankuch bl...@pfankuch.me wrote: Our stuff is currently through Verisign because of the reliability of the name and the nature of the industry. verisign sold this business (like 2+ years ago?), maybe it's time to find someone else with a reliable name? (who hasn't sold the business out from under you)
Re: SSL Certificates and ... Providers
Yes the Verisign auth stuff is done by Symantic as of 2010. -Grant On Thursday, December 27, 2012, Christopher Morrow wrote: On Thu, Dec 27, 2012 at 3:37 PM, Blake Pfankuch bl...@pfankuch.mejavascript:; wrote: Our stuff is currently through Verisign because of the reliability of the name and the nature of the industry. verisign sold this business (like 2+ years ago?), maybe it's time to find someone else with a reliable name? (who hasn't sold the business out from under you)
Re: SSL Certificates
I suppose if you buy a SSL certificate, you should be looking for your CA to have insurance to reimburse the cost of the certificate should that happen, and an ironclad refund clause in the agreement/contract under which a SSL cert is issued These certs cost $9.00. You're not going to get much of an insurance policy at that price. R's, John
Re: SSL Certificates
On Thu, Feb 16, 2012 at 8:33 AM, John R. Levine jo...@iecc.com wrote: I suppose if you buy a SSL certificate, you should be looking for your CA to have insurance to reimburse the cost of the certificate should that happen, and an ironclad refund clause in the agreement/contract under which a SSL cert is issued These certs cost $9.00. You're not going to get much of an insurance policy at that price. again, startssl.com - free. why pay? it's (as you say) not actually buying you anything except random bits anyway... if you can get them for free, why would you not do that?
Re: SSL Certificates
In a message written on Thu, Feb 16, 2012 at 12:57:25AM -0600, Jimmy Hess wrote: There is a risk that any CA issued SSL certificate signed by _any_ CA may be worthless some time in the future, if the CA chosen is later found to have issued sufficient quantities fraudulent certificates, and sufficiently failed in their duties. One thing I'm not clear about is, are there any protocol or implementation limitations that require only one CA? I would think I could take my private key and get multiple CA's to sign it, then present all of those signatures to the client. Should one CA be revoked, my certificate would still be signed by one or more others. Does this work? Does anyone do it? -- Leo Bicknell - bickn...@ufp.org - CCIE 3440 PGP keys at http://www.ufp.org/~bicknell/ pgpLtcxw3Tod1.pgp Description: PGP signature
Re: SSL Certificates
These certs cost $9.00. You're not going to get much of an insurance policy at that price. again, startssl.com - free. why pay? it's (as you say) not actually buying you anything except random bits anyway... if you can get them for free, why would you not do that? The free ones are supposed to be used only for personal sites. Also, the fact that they tell me to go away and use a different browser when I try to sign up using Chrome does not fill me with warm feelings. Regards, John Levine, jo...@iecc.com, Primary Perpetrator of The Internet for Dummies, Please consider the environment before reading this e-mail. http://jl.ly
Re: SSL Certificates
On 2012-02-16 17:13 , Christopher Morrow wrote: On Thu, Feb 16, 2012 at 8:33 AM, John R. Levine jo...@iecc.com wrote: I suppose if you buy a SSL certificate, you should be looking for your CA to have insurance to reimburse the cost of the certificate should that happen, and an ironclad refund clause in the agreement/contract under which a SSL cert is issued These certs cost $9.00. You're not going to get much of an insurance policy at that price. again, startssl.com - free. why pay? it's (as you say) not actually buying you anything except random bits anyway... if you can get them for free, why would you not do that? Because they do not have a wildcard one for 'free', which is useful when one wants to serve eg example.com but als www.example.com from the same location along with other variants of the hostname. Except for that, it is a rather great offer. Though one can of course just serve the example.com one and force people after they accept to the main site. I tend to stick CAcert ones on hosts and tell people to either just accept that single cert and store it for future checks or just install the CAcert root cert, that covers a lot of hosts in one go, given of course that one trusts what CAcert is doing, but that goes for anything. The method that Firefox is using with the unchained certificates save this unverified cert and as long as it is the same it is great is in that respect similar to SSH hostkeys, one can verify those offline and just keep on using them as as long as that cert is the same you are likely talking to the same host (ssl etc still don't cover compromised hosts). In the end, they are just bits, and this whole verification thing at the verification of owner adds nothing except for an ease-of-use factor for the non-techy folks on the Internet. Greets, Jeroen
Re: SSL Certificates
In article 20120216162108.ga11...@ussenterprise.ufp.org you write: -=-=-=-=-=- In a message written on Thu, Feb 16, 2012 at 12:57:25AM -0600, Jimmy Hess wrote: There is a risk that any CA issued SSL certificate signed by _any_ CA may be worthless some time in the future, if the CA chosen is later found to have issued sufficient quantities fraudulent certificates, and sufficiently failed in their duties. One thing I'm not clear about is, are there any protocol or implementation limitations that require only one CA? I've had the same cert signed by multiple CAs, although rarely at the same time. Never tried to present both versions in the same session, though. R's, John
Re: SSL Certificates startssl.com
On (16/02/12 11:13), Christopher Morrow wrote: again, startssl.com - free. why pay? it's (as you say) not actually buying you anything except random bits anyway... if you can get them for free, why would you not do that? They may not charge money, but it's not really free. You have to provide them so much personal information, it feels like an invitation to identity theft. At the least what they collect would be valuable information to sell to marketeers. They demand a valid residential address for the free personal-use certificate; a business address will not do (and they check). Our mixed-use building did not qualify. Next option is one of their cheap business certificates, but then you must send scanned images of: 1. The cover of your passport 2. The first pages of the passport 3. The picture of you with your personal detail of your passport and 1. Both sides of your drivers license or identity card or 2. Photo ID document issued by a local, state or federal authority. In order to save a couple bucks, I'm gonna scan all this and send it off to somewhere in Israel??? Geotrust or Comodo don't put you through this. For $10, I'll keep my info, thanks.
Re: SSL Certificates
On Wed, Feb 15, 2012 at 10:57 PM, Jimmy Hess mysi...@gmail.com wrote: On Wed, Feb 15, 2012 at 6:49 PM, George Herbert george.herb...@gmail.com wrote: On Wed, Feb 15, 2012 at 4:17 PM, John Levine jo...@iecc.com wrote: The problem with anything related to Verisign at the moment is that The possibility of their root certs being compromised is nonzero. The possibility of _ANY_ CA's root certs having been compromised is non-zero. There's no evidence published to indicate Verisign's CA key has been compromised, and it's highly unlikely. Just as there's no evidence of other CAs' root certificate keys being compromised. Please recall that this HAS happened to another CA in the last year. There may be no problem; they also may be completely worthless. Until there's full disclosure... [snip] They are not completely worthless until revoked, or distrusted by web browsers. ... I think that's highly ass-backwards. If it's been compromised and the compromise is not yet fully known - revoked by the CA or distrusted by browsers - we exist in a nether region where the customers connecting to your servers can be transparently Man-in-the-Middle attacked. If someone doing MiiM to your customers would be a significant problem, then it's incumbent upon you to not put your head in the sand when there's a higher-than-normal risk that one CA may have A Problem. The situation is in fact *worse* than completely worthless. In that situation it has an active negative value. This is complicated by the fact that you don't even need to be a customer of that CA for that to be a risk. If browsers trust that CA, and that CA's keys are loose, then anyone with those can impersonate anyone else on the net transparently. But the fix for that revokes the root cert and all the signed certs for that CA. Immediately, if the browser vendors response to the prior incident carries through to a new one. Buying new certs or continuing to use certs that have a noticable risk of immediate revocation seems ... unwise. Again - I don't know if it's been compromised. The vendor is not being forthcoming at that level of detail yet. They are evidently still trying to figure out how bad the penetration was. That is not a good sign, but does not automatically mean the worst by any means. -- -george william herbert george.herb...@gmail.com
Re: SSL Certificates
On Jan 6, 2012, at 6:15, Michael Carey wrote: Looking for a recommendation on who to buy affordable and reputable SSL certificates from? Symantec, Thawte, and Comodo are the names that come to mind, just wondering if there are others folks use. Almost everyone are basically just selling an activation with one of the SSL certificate authorities. I usually buy a RapidSSL (Verisign) certificate from https://www.sslmatrix.com/ -- they seem to have some of the best prices and the rapidssl enrollment process is very efficient (at least for the cheap automatically validated products). Ask -- http://askask.com/
Re: SSL Certificates
Almost everyone are basically just selling an activation with one of the SSL certificate authorities. I usually buy a RapidSSL (Verisign) certificate from https://www.sslmatrix.com/ -- they seem to have some of the best prices and the rapidssl enrollment process is very efficient (at least for the cheap automatically validated products). I get my RapidSSL and Comodo from these guys. Prices look about the same: http://www.cheapssls.com/ If you order a cert for example.com, Comodo's also work for www.example.com, no extra charge. R's, John
Re: SSL Certificates
On Wed, Feb 15, 2012 at 4:17 PM, John Levine jo...@iecc.com wrote: Almost everyone are basically just selling an activation with one of the SSL certificate authorities. I usually buy a RapidSSL (Verisign) certificate from https://www.sslmatrix.com/ -- they seem to have some of the best prices and the rapidssl enrollment process is very efficient (at least for the cheap automatically validated products). I get my RapidSSL and Comodo from these guys. Prices look about the same: http://www.cheapssls.com/ If you order a cert for example.com, Comodo's also work for www.example.com, no extra charge. The problem with anything related to Verisign at the moment is that they either don't know or haven't come clean yet how far the hackers got into their infrastructure over the last few years. The early February 2012 announcements were woefully devoid of actual content. The possibility of their root certs being compromised is nonzero. There may be no problem; they also may be completely worthless. Until there's full disclosure... -- -george william herbert george.herb...@gmail.com
Re: SSL Certificates
On Thu, Feb 16, 2012 at 12:17:00AM -, John Levine wrote: Almost everyone are basically just selling an activation with one of the SSL certificate authorities. I usually buy a RapidSSL (Verisign) certificate from https://www.sslmatrix.com/ -- they seem to have some of the best prices and the rapidssl enrollment process is very efficient (at least for the cheap automatically validated products). I get my RapidSSL and Comodo from these guys. Prices look about the same: http://www.cheapssls.com/ If you order a cert for example.com, Comodo's also work for www.example.com, no extra charge. R's, John Comodo ever get fixed ?? /bill
Re: SSL Certificates
On Wed, Feb 15, 2012 at 6:49 PM, George Herbert george.herb...@gmail.com wrote: On Wed, Feb 15, 2012 at 4:17 PM, John Levine jo...@iecc.com wrote: The problem with anything related to Verisign at the moment is that The possibility of their root certs being compromised is nonzero. The possibility of _ANY_ CA's root certs having been compromised is non-zero. There's no evidence published to indicate Verisign's CA key has been compromised, and it's highly unlikely. Just as there's no evidence of other CAs' root certificate keys being compromised. There may be no problem; they also may be completely worthless. Until there's full disclosure... [snip] They are not completely worthless until revoked, or distrusted by web browsers. There is a risk that any CA issued SSL certificate signed by _any_ CA may be worthless some time in the future, if the CA chosen is later found to have issued sufficient quantities fraudulent certificates, and sufficiently failed in their duties. I suppose if you buy a SSL certificate, you should be looking for your CA to have insurance to reimburse the cost of the certificate should that happen, and an ironclad refund clause in the agreement/contract under which a SSL cert is issued E.g. A guarantee such that the CA will refund the complete certification fee, or pay for the replacement of the SSL certificate with a new valid certificate issued by another fully trusted CA, and compensate for any tangible loss,resulting from the CA's signing certificate being marked as untrusted by major browsers, revoked, or removed from major browsers' trust list, due to any failure on the CA's part or compromise of their systems, resulting in loss of trust. -- -JH
Re: SSL Certificates
verisign, who used to own geotrust (who owns rapidssl) was sold to symantec last year. or some similar swapping of chain links. anyway, for some, the symantec umbrella might be a polarizing factor. On Fri, Jan 06, 2012 at 09:08:28AM -0600, gra...@g-rock.net wrote: We use rapidssl. Seems to be ok across the board. No reports otherwise. - Reply message - From: Michael Carey mca...@kinber.org Date: Fri, Jan 6, 2012 8:15 am Subject: SSL Certificates To: nanog@nanog.org Looking for a recommendation on who to buy affordable and reputable SSL certificates from? Symantec, Thawte, and Comodo are the names that come to mind, just wondering if there are others folks use. -- Henry Yen Aegis Information Systems, Inc. Senior Systems Programmer Hicksville, New York
Re: SSL Certificates
On Fri, Jan 06, 2012 at 10:08:55AM -0500, Christopher Morrow wrote: From: Michael Carey [mailto:mca...@kinber.org] Sent: Friday, January 06, 2012 9:15 AM To: nanog@nanog.org Subject: SSL Certificates Looking for a recommendation on who to buy affordable and reputable SSL certificates from? Symantec, Thawte, and Comodo are the names that come to mind, just wondering if there are others folks use. startssl.com - free certs that work in apple-mail, chrome, ff, ie, tbird, across mac/linux/windows... you can't beat free. (you do have to update yearly, but it's not painful, and is probably worth doing as practice anyway) i think their free certificates are for personal/individual use only, and may not be as useful for company/business usage. -- Henry Yen Aegis Information Systems, Inc. Senior Systems Programmer Hicksville, New York
Re: SSL Certificates
netsol was bought by web.com. out of the frying pan ... ? On Fri, Jan 06, 2012 at 09:27:27AM -0500, Josh Baird wrote: We typically stick with Network Solutions, and DigiCert for SANcertificates. VeriSign's prices are just insane. On Fri, Jan 6, 2012 at 9:15 AM, Michael Carey mca...@kinber.org wrote: Looking for a recommendation on who to buy affordable and reputable SSL certificates from? Symantec, Thawte, and Comodo are the names that come to mind, just wondering if there are others folks use. -- Henry Yen Aegis Information Systems, Inc. Senior Systems Programmer Hicksville, New York
Re: SSL Certificates
AlphaSSL is pretty solid, priced right too. -- Alexander McMillen Chief Executive Officer Sliqua Enterprise Hosting, Inc. - AS32740 Serving up scale and service since 2002. Is your mission critical?™ 1-877-4-SLIQUA - http://www.sliqua.com - http://www.isyourmissioncritical.com On Jan 6, 2012, at 9:15 AM, Michael Carey wrote: Looking for a recommendation on who to buy affordable and reputable SSL certificates from? Symantec, Thawte, and Comodo are the names that come to mind, just wondering if there are others folks use. Thanks, -- Michael D. Carey KINBER Network Engineer mca...@kinber.org M: 814.777.5027 GV: (814) 205-6773 https://www.google.com/voice#phones Skype: KINBER.Mike.Carey KINBER - Keystone Initiative for Network Based Education and Research - www.kinber.org PennREN - Pennsylvania's Research and Education Network
Re: SSL Certificates
We typically stick with Network Solutions, and DigiCert for SANcertificates. VeriSign's prices are just insane. On Fri, Jan 6, 2012 at 9:15 AM, Michael Carey mca...@kinber.org wrote: Looking for a recommendation on who to buy affordable and reputable SSL certificates from? Symantec, Thawte, and Comodo are the names that come to mind, just wondering if there are others folks use. Thanks, -- Michael D. Carey KINBER Network Engineer mca...@kinber.org M: 814.777.5027 GV: (814) 205-6773 https://www.google.com/voice#phones Skype: KINBER.Mike.Carey KINBER - Keystone Initiative for Network Based Education and Research - www.kinber.org PennREN - Pennsylvania's Research and Education Network
RE: SSL Certificates
I've had good experience with Entrust. One thing to be careful with is some mobile devices (especially older Android ones) have limited root certificates. Network Solutions and Entrust work, some others, not so much. From my experience Android 2.3+ has most of the common root certs, but previous versions don't. I wonder if someone has a list comparing root certificate support across platforms? Matthew Huff | 1 Manhattanville Rd Director of Operations | Purchase, NY 10577 OTA Management LLC | Phone: 914-460-4039 aim: matthewbhuff | Fax: 914-460-4139 -Original Message- From: Michael Carey [mailto:mca...@kinber.org] Sent: Friday, January 06, 2012 9:15 AM To: nanog@nanog.org Subject: SSL Certificates Looking for a recommendation on who to buy affordable and reputable SSL certificates from? Symantec, Thawte, and Comodo are the names that come to mind, just wondering if there are others folks use. Thanks, -- Michael D. Carey KINBER Network Engineer mca...@kinber.org M: 814.777.5027 GV: (814) 205-6773 https://www.google.com/voice#phones Skype: KINBER.Mike.Carey KINBER - Keystone Initiative for Network Based Education and Research - www.kinber.org PennREN - Pennsylvania's Research and Education Network
RE: SSL Certificates
We have been using GoDaddy for quite some time as they offer good deals if you call them in and buy in bulk. Mind you we manage certs for about 50-100 customers as well. Haven't had any issues with them not being trusted on mobile devices except for old windows mobile 5 and early 6 devices. -Original Message- From: Matthew Huff [mailto:mh...@ox.com] Sent: Friday, January 06, 2012 7:32 AM To: 'Michael Carey'; nanog@nanog.org Subject: RE: SSL Certificates I've had good experience with Entrust. One thing to be careful with is some mobile devices (especially older Android ones) have limited root certificates. Network Solutions and Entrust work, some others, not so much. From my experience Android 2.3+ has most of the common root certs, but previous versions don't. I wonder if someone has a list comparing root certificate support across platforms? Matthew Huff | 1 Manhattanville Rd Director of Operations | Purchase, NY 10577 OTA Management LLC | Phone: 914-460-4039 aim: matthewbhuff | Fax: 914-460-4139 -Original Message- From: Michael Carey [mailto:mca...@kinber.org] Sent: Friday, January 06, 2012 9:15 AM To: nanog@nanog.org Subject: SSL Certificates Looking for a recommendation on who to buy affordable and reputable SSL certificates from? Symantec, Thawte, and Comodo are the names that come to mind, just wondering if there are others folks use. Thanks, -- Michael D. Carey KINBER Network Engineer mca...@kinber.org M: 814.777.5027 GV: (814) 205-6773 https://www.google.com/voice#phones Skype: KINBER.Mike.Carey KINBER - Keystone Initiative for Network Based Education and Research - www.kinber.org PennREN - Pennsylvania's Research and Education Network
Re: SSL Certificates
We use rapidssl. Seems to be ok across the board. No reports otherwise. Sent from my HTC on the Now Network from Sprint! - Reply message - From: Michael Carey mca...@kinber.org Date: Fri, Jan 6, 2012 8:15 am Subject: SSL Certificates To: nanog@nanog.org Looking for a recommendation on who to buy affordable and reputable SSL certificates from? Symantec, Thawte, and Comodo are the names that come to mind, just wondering if there are others folks use. Thanks, -- Michael D. Carey KINBER Network Engineer mca...@kinber.org M: 814.777.5027 GV: (814) 205-6773 https://www.google.com/voice#phones Skype: KINBER.Mike.Carey KINBER - Keystone Initiative for Network Based Education and Research - www.kinber.org PennREN - Pennsylvania's Research and Education Network
Re: SSL Certificates
From: Michael Carey [mailto:mca...@kinber.org] Sent: Friday, January 06, 2012 9:15 AM To: nanog@nanog.org Subject: SSL Certificates Looking for a recommendation on who to buy affordable and reputable SSL certificates from? Symantec, Thawte, and Comodo are the names that come to mind, just wondering if there are others folks use. startssl.com - free certs that work in apple-mail, chrome, ff, ie, tbird, across mac/linux/windows... you can't beat free. (you do have to update yearly, but it's not painful, and is probably worth doing as practice anyway) -chris
Re: SSL Certificates
theSSLstore has good reseller pricing on a variety of certs. ~ $10 domain validated rapidssl certs in about 5 minutes. More expensive and time consuming certs are available, Verisign, Geotrust, Thawte, greenbars, wildcards, etc.. Ken On 1/6/2012 8:15 AM, Michael Carey wrote: Looking for a recommendation on who to buy affordable and reputable SSL certificates from? Symantec, Thawte, and Comodo are the names that come to mind, just wondering if there are others folks use. Thanks, -- Ken Anderson Pacific Internet - http://www.pacific.net
Re: SSL Certificates
I second The SSL Store (http://www.thesslstore.com/) -- Paul Norton Systems Administrator Neoverve - www.neoverve.com Neoverve Blog - http://blog.neoverve.com/ On 1/6/2012 7:31 AM, Ken A wrote: theSSLstore has good reseller pricing on a variety of certs. ~ $10 domain validated rapidssl certs in about 5 minutes. More expensive and time consuming certs are available, Verisign, Geotrust, Thawte, greenbars, wildcards, etc.. Ken On 1/6/2012 8:15 AM, Michael Carey wrote: Looking for a recommendation on who to buy affordable and reputable SSL certificates from? Symantec, Thawte, and Comodo are the names that come to mind, just wondering if there are others folks use. Thanks,