Home | Blog | Software | Reviews and Features | Forum | Help | Donate | About us
topbanner_forum
  *

avatar image

Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
  • May 25, 2017, 09:31:42 AM
  • Proudly celebrating 10 years online.
  • Donate now to become a lifetime supporting member of the site and get a non-expiring license key for all of our programs.
  • donate

Author Topic: Recommendations for where to get SSL Certificates?  (Read 1754 times)

mouser

  • First Author
  • Administrator
  • Joined in 2005
  • *****
  • Posts: 37,050
    • View Profile
    • Donate to Member
Recommendations for where to get SSL Certificates?
« on: November 28, 2016, 07:54:35 AM »
The DonationCoder SSL certificates need to be renewed soon, and I'm looking for affordable recommendations.

In the past we've used StartSSL which I've written about.  Their prices were wonderful, though I found their process painful and confusing.  And worse, I understand that the certificates from StartSSL will start to be marked as untrusted soon for reasons that are slightly beyond my ken.

We have a main website domain, and a couple of side domains (dcmembers.com, etc.), plus a need for a code signing certificate.

Any recommendations would be welcome.
« Last Edit: November 28, 2016, 09:15:59 AM by mouser »

wraith808

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 8,670
    • View Profile
    • Donate to Member
Re: Recommendations for where to get SSL Certificates?
« Reply #1 on: November 28, 2016, 08:34:09 AM »
LetsEncrypt is an option.  I didn't do it because my current server doesn't support the automated way, I wasn't going to do commandline, and I wasn't going to switch servers just for that.  But if your server supports it, or you're not averse to doing it on the command line, take a look.

mouser

  • First Author
  • Administrator
  • Joined in 2005
  • *****
  • Posts: 37,050
    • View Profile
    • Donate to Member
Re: Recommendations for where to get SSL Certificates?
« Reply #2 on: November 28, 2016, 09:14:57 AM »
LetsEncrypt looks awesome.. I may very well try it.
Looks like they don't do code signing certificates so that will have to be handled someplace else regardless.

mouser

  • First Author
  • Administrator
  • Joined in 2005
  • *****
  • Posts: 37,050
    • View Profile
    • Donate to Member
Re: Recommendations for where to get SSL Certificates?
« Reply #3 on: November 30, 2016, 12:56:36 AM »
Edit: I will definitely revisit LetsEncrypt in the near future.  For now I am trying Comodo's InstantSSL and the process seems to be pretty painless and fast thus far.
They will generate 90 day ssl certificates for free so its a great way to test things.

The new SSL certificate is on the DonationCoder https server as we speak.

wraith808

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 8,670
    • View Profile
    • Donate to Member
Re: Recommendations for where to get SSL Certificates?
« Reply #4 on: November 30, 2016, 05:01:05 AM »
What is the URL for InstantSSL?  When I look it up, I get several results...

Stoic Joker

  • Honorary Member
  • Joined in 2008
  • **
  • Posts: 6,332
    • View Profile
    • Donate to Member
Re: Recommendations for where to get SSL Certificates?
« Reply #5 on: November 30, 2016, 06:43:26 AM »
Their prices were wonderful, though I found their process painful and confusing.  And worse, I understand that the certificates from StartSSL will start to be marked as untrusted soon for reasons that are slightly beyond my ken.

Oh crap!
For now I am trying Comodo's InstantSSL and the process seems to be pretty painless and fast thus far. They will generate 90 day ssl certificates for free so its a great way to test things.

Will they do wildcard certs during the 90 day preview? If StartSSL goes untrusted I'm screwed on several fronts.

Thanks for the heads up.

mouser

  • First Author
  • Administrator
  • Joined in 2005
  • *****
  • Posts: 37,050
    • View Profile
    • Donate to Member
Re: Recommendations for where to get SSL Certificates?
« Reply #6 on: November 30, 2016, 09:19:49 AM »
Quote
Will they do wildcard certs during the 90 day preview? If StartSSL goes untrusted I'm screwed on several fronts.
not only won't they do wildcard certs during the 90 day preview, but a wildcard cert is something like $900.  :tellme:

Don't take my word on the StartSSL untrusted stuff.. The whole ssl cert scene is confusing to me and I'm just operating on the bare scraps of info that i pick up, and i have a very tenuous grasp on the whole process, much like my interactions with the fair sex.

Jibz

  • Developer
  • Joined in 2005
  • ***
  • Posts: 1,132
    • View Profile
    • Donate to Member
Re: Recommendations for where to get SSL Certificates?
« Reply #7 on: November 30, 2016, 10:20:09 AM »
Have you tried K Software? I was looking at them back when I thought about getting a code signing cert. They are Comodo resellers. Looks like a wildcard cert is $145/y.

http://www.ksoftware.net/ssl_certs.html

Mind you, I have no experience with them, since I ended up not getting one (still too expensive for me).

mouser

  • First Author
  • Administrator
  • Joined in 2005
  • *****
  • Posts: 37,050
    • View Profile
    • Donate to Member
Re: Recommendations for where to get SSL Certificates?
« Reply #8 on: November 30, 2016, 10:46:55 AM »
I had forgotten all about K Software.. They seem like a good place to get certificates.

Stoic Joker

  • Honorary Member
  • Joined in 2008
  • **
  • Posts: 6,332
    • View Profile
    • Donate to Member
Re: Recommendations for where to get SSL Certificates?
« Reply #9 on: November 30, 2016, 11:48:45 AM »
Don't take my word on the StartSSL untrusted stuff.. The whole ssl cert scene is confusing to me and I'm just operating on the bare scraps of info that i pick up, and i have a very tenuous grasp on the whole process, much like my interactions with the fair sex.

Can you point me (link) at where you got that (untrusted) impression...so I can - try to - make an informed decision to panic?

SSL gives me fits too, I suspect mainly because the entire scheme is intentionally designed to be horribly overcomplicated. And any time you try todo anything with it, it's always long strings of cryptic options that invariably lead to 30+ pages of documentation that vaguely elude to explaining it (but don't). It really is pointlessly agonizing to deal with.

mouser

  • First Author
  • Administrator
  • Joined in 2005
  • *****
  • Posts: 37,050
    • View Profile
    • Donate to Member
Re: Recommendations for where to get SSL Certificates?
« Reply #10 on: November 30, 2016, 12:03:37 PM »
Quote
Can you point me (link) at where you got that (untrusted) impression.

a search gives a bunch of results.. here's one:
https://www.lowendta...ertificate-authority

Deozaan

  • Charter Member
  • Joined in 2006
  • ***
  • Points: 1
  • Posts: 7,901
    • View Profile
    • Donate to Member
Re: Recommendations for where to get SSL Certificates?
« Reply #11 on: November 30, 2016, 03:22:14 PM »
What is the URL for InstantSSL?  When I look it up, I get several results...

I'm guessing it's http://instantssl.com/

Stoic Joker

  • Honorary Member
  • Joined in 2008
  • **
  • Posts: 6,332
    • View Profile
    • Donate to Member
Re: Recommendations for where to get SSL Certificates?
« Reply #12 on: December 01, 2016, 06:43:26 AM »
Quote
Can you point me (link) at where you got that (untrusted) impression.

a search gives a bunch of results.. here's one:
https://www.lowendta...ertificate-authority

Shit ... Well that's reasonably damning.

So... does anyone offer certs for a longer than 1 year period? I really hate playing with SSL so it would - possibly... - be worth the money to not have to futz with it quite so often.

Shades

  • Member
  • Joined in 2006
  • **
  • Posts: 2,170
    • View Profile
    • Donate to Member
Re: Recommendations for where to get SSL Certificates?
« Reply #13 on: December 01, 2016, 07:48:06 AM »
A year is a common period to use for (re-)verification purposes. So I am under the impression that you will be hard-pressed to find deals that last longer. Not all operating systems handle longer lasting certificates equally, can't find the link right now.

For an overview of (free) SSL certificate providers:  https://www.sslshopper.com/article-free-ssl-certificates-from-a-free-certificate-authority.html

Thawte offers 1-year, 2-year and 3-year deals for SSL certificates: https://www.thawte.com/ssl/.

For in-house webservices that are only used by in-house computers, you can deploy your own self-signed certificates (including the CA certificate). Not only cost these nothing, these can also last 10 years. And as you are in control of the CA certificate, you or your users won't be bothered by continuous browser verification requests either. But for this to work, you must be in complete control of all your in-house computer systems. To my understanding, Stoic Joker is (one of) the sysadmins at the company he works for, so that could be somewhat of an option for him.

In my duties as sysadmin I do make use of self-signed certification, mainly to verify if the software I help to create can encrypt/decrypt EDI/XML/JSON type messages transferred by our own services, web services and even Exchange 2007 - 2016 server without any user interaction. And for in-house use, this works well.

Besides HTTP/SSL isn't that safe to begin with: http://www.howtogeek.com/182425/5-serious-problems-with-https-and-ssl-security-on-the-web/ or https://www.schrauger.com/the-story-of-how-wosign-gave-me-an-ssl-certificate-for-github-com. If the big names can make such "hiccups" with certification, I suddenly feel less queasy about generating and using my own.

Years ago I saw an infographic somewhere that indicated there aren't more than 5 certificate providers globally. All the companies that offer certificates are either subsidiaries or reselling. Which was a bit unsettling then. I don't think this situation has improved much in this current day and age, though I probably should delve into this again someday.

wraith808

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 8,670
    • View Profile
    • Donate to Member
Re: Recommendations for where to get SSL Certificates?
« Reply #14 on: December 01, 2016, 07:54:07 AM »
Years ago I saw an infographic somewhere that indicated there aren't more than 5 certificate providers globally. All the companies that offer certificates are either subsidiaries or reselling. Which was a bit unsettling then. I don't think this situation has improved much in this current day and age, though I probably should delve into this again someday.


That's one of the reasons LetsEncrypt was created.  It's an unaffiliated signing agent.

f0dder

  • Charter Honorary Member
  • Joined in 2005
  • ***
  • Posts: 9,066
    • View Profile
    • Donate to Member
Re: Recommendations for where to get SSL Certificates?
« Reply #15 on: December 19, 2016, 12:53:47 PM »
In this day and age, I would definitely go for LetsEncrypt for HTTPS certificates unless hard pressed to use something else. Self-signed certs aren't really appropriate for a public-facing website, even though they're technically more secure.

Dunno about code signing - aren't the options relatively limited?

mouser

  • First Author
  • Administrator
  • Joined in 2005
  • *****
  • Posts: 37,050
    • View Profile
    • Donate to Member
Re: Recommendations for where to get SSL Certificates?
« Reply #16 on: December 19, 2016, 01:10:47 PM »
I got my code signing certificate at KSoftware as recommended by Jibz above.  Process was fairly painless.

mouser

  • First Author
  • Administrator
  • Joined in 2005
  • *****
  • Posts: 37,050
    • View Profile
    • Donate to Member
Re: Recommendations for where to get SSL Certificates?
« Reply #17 on: February 24, 2017, 09:39:07 AM »
Although the price leaves something to be desired, I have to say I have been impressed with the smoothness of the process of using InstantSSL (comodo).

Stoic Joker

  • Honorary Member
  • Joined in 2008
  • **
  • Posts: 6,332
    • View Profile
    • Donate to Member
Re: Recommendations for where to get SSL Certificates?
« Reply #18 on: February 24, 2017, 12:27:13 PM »
Although the price leaves something to be desired, I have to say I have been impressed with the smoothness of the process of using InstantSSL (comodo).

Same... I ended up going with Comodo for a wildcard cert. Price was a bit of an ouch, but the process was super smooth.