Other Software > Developer's Corner

Recommendations for where to get SSL Certificates?

<< < (3/4) > >>

mouser:
Can you point me (link) at where you got that (untrusted) impression.
--- End quote ---

a search gives a bunch of results.. here's one:
https://www.lowendtalk.com/discussion/92636/mozilla-firefox-to-remove-wosign-startssl-as-a-trusted-certificate-authority

Deozaan:
What is the URL for InstantSSL?  When I look it up, I get several results...
-wraith808 (November 30, 2016, 05:01 AM)
--- End quote ---

I'm guessing it's http://instantssl.com/

Stoic Joker:
Can you point me (link) at where you got that (untrusted) impression.
--- End quote ---

a search gives a bunch of results.. here's one:
https://www.lowendtalk.com/discussion/92636/mozilla-firefox-to-remove-wosign-startssl-as-a-trusted-certificate-authority
-mouser (November 30, 2016, 12:03 PM)
--- End quote ---

Shit ... Well that's reasonably damning.

So... does anyone offer certs for a longer than 1 year period? I really hate playing with SSL so it would - possibly... - be worth the money to not have to futz with it quite so often.

Shades:
A year is a common period to use for (re-)verification purposes. So I am under the impression that you will be hard-pressed to find deals that last longer. Not all operating systems handle longer lasting certificates equally, can't find the link right now.

For an overview of (free) SSL certificate providers:  https://www.sslshopper.com/article-free-ssl-certificates-from-a-free-certificate-authority.html

Thawte offers 1-year, 2-year and 3-year deals for SSL certificates: https://www.thawte.com/ssl/.

For in-house webservices that are only used by in-house computers, you can deploy your own self-signed certificates (including the CA certificate). Not only cost these nothing, these can also last 10 years. And as you are in control of the CA certificate, you or your users won't be bothered by continuous browser verification requests either. But for this to work, you must be in complete control of all your in-house computer systems. To my understanding, Stoic Joker is (one of) the sysadmins at the company he works for, so that could be somewhat of an option for him.

In my duties as sysadmin I do make use of self-signed certification, mainly to verify if the software I help to create can encrypt/decrypt EDI/XML/JSON type messages transferred by our own services, web services and even Exchange 2007 - 2016 server without any user interaction. And for in-house use, this works well.

Besides HTTP/SSL isn't that safe to begin with: http://www.howtogeek.com/182425/5-serious-problems-with-https-and-ssl-security-on-the-web/ or https://www.schrauger.com/the-story-of-how-wosign-gave-me-an-ssl-certificate-for-github-com. If the big names can make such "hiccups" with certification, I suddenly feel less queasy about generating and using my own.

Years ago I saw an infographic somewhere that indicated there aren't more than 5 certificate providers globally. All the companies that offer certificates are either subsidiaries or reselling. Which was a bit unsettling then. I don't think this situation has improved much in this current day and age, though I probably should delve into this again someday.

wraith808:
Years ago I saw an infographic somewhere that indicated there aren't more than 5 certificate providers globally. All the companies that offer certificates are either subsidiaries or reselling. Which was a bit unsettling then. I don't think this situation has improved much in this current day and age, though I probably should delve into this again someday.

-Shades (December 01, 2016, 07:48 AM)
--- End quote ---

That's one of the reasons LetsEncrypt was created.  It's an unaffiliated signing agent.

Navigation

[0] Message Index

[#] Next page

[*] Previous page