Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.




298 posts

Ultimate Geek
+1 received by user: 44

Lifetime subscriber

# 205207 3-Nov-2016 09:29
Send private message

So I've been using StartSSL for a number of years and was quite happy with them.

 

Their business model was that you pay for *validation* once a year about 60USD and then you can have unlimited number of certs (under fair use) including wildcard certs.

 

But recently StartSSL was acquired by WoSign, which lead to a total debacle with Chrome and Mozilla revoking their trust from StartSSL root cert.

 

 

 

Details can be found here

 

https://docs.google.com/document/d/1C6BlmbeQfn4a9zydVi2UvjBGv6szuSB4sMYUcVrR8vQ/preview

 

and here

 

https://blog.mozilla.org/security/2016/10/24/distrusting-new-wosign-and-startcom-certificates/

 

 

 

As  a result I no longer want to give my custom to StartSSL.

 

What are good alternative for private certs. What I need:

 

  • SSL, Email and code signing certs
  • Wildcard certs or ability to generate many certs for the same subdomain without paying an arm and a lef
  • Of course the root cert has to be implicitly trusted by the major players

 

 

I believe that GoDaddy is evil, so I don't want to go this route either.

 

Is there a nice place that won't charge you through the nose, for a few SSL certs?

 

 


View this topic in a long page with up to 500 replies per page Create new topic
 1 | 2 | 3
2563 posts

Uber Geek
+1 received by user: 763

Trusted
Lifetime subscriber

  # 1663112 3-Nov-2016 09:32
Send private message

We successfully have been using RapidSSL certificates from trustico.co.nz for 5 or so years....  normally on SBS2011 servers for the Microsoft Exchange HTTPS connections.  Pretty well priced compared to some.





"4 wheels move the body.  2 wheels move the soul."

“Don't believe anything you read on the net. Except this. Well, including this, I suppose.” Douglas Adams

423 posts

Ultimate Geek
+1 received by user: 92

Subscriber

  # 1663116 3-Nov-2016 09:47
Send private message

I use enomcentral.com for all my SSL certificates.  Never had any problems and the pricing is very good.


 
 
 
 


3284 posts

Uber Geek
+1 received by user: 985

Trusted

  # 1663126 3-Nov-2016 09:54
Send private message

Anybody using or have thoughts on Let's Encrypt?

 

https://letsencrypt.org/

 

 


1065 posts

Uber Geek
+1 received by user: 220


  # 1663136 3-Nov-2016 10:00
Send private message

90 days cert life kills it. I hate dealing with SSL/Certs so 2 years is min for us.

 

 

 

We have been using StartSSL and i'm not sure what we are going to do without blowing out our budget. Close to 200 certs issued and little support for wildcard :/





Most problems are the result of previous solutions...

All comment's I make are my own personal opinion and do not in any way, shape or form reflect the views of current or former employers unless specifically stated 



298 posts

Ultimate Geek
+1 received by user: 44

Lifetime subscriber

  # 1663141 3-Nov-2016 10:03
Send private message

Beccara:

 

90 days cert life kills it. I hate dealing with SSL/Certs so 2 years is min for us.

 

We have been using StartSSL and i'm not sure what we are going to do without blowing out our budget. Close to 200 certs issued and little support for wildcard :/

 

 

I know, right? Bummer...


1665 posts

Uber Geek
+1 received by user: 188

Subscriber

  # 1663166 3-Nov-2016 10:30
One person supports this post
Send private message

I am using LetsEncrypt for my personal web server and it seems to be fine. Short lifetime but they have automated scripts which auto-renew. Only been using them for a few months so haven't seen the renew stuff in action yet...


20394 posts

Uber Geek
+1 received by user: 6250

Trusted
Lifetime subscriber

  # 1663168 3-Nov-2016 10:31
Send private message

SSl2BUY they are fantastic!


 
 
 
 


925 posts

Ultimate Geek
+1 received by user: 291


  # 1663169 3-Nov-2016 10:33
Send private message

Get a reseller account with https://www.gogetssl.com/ (essentially no bar to clear for this), then login and check out the "my prices" screen...

 

They don't do affiliate links but you're welcome to buy me a coffee with the money you've saved if you're ever in Whanganui.


3284 posts

Uber Geek
+1 received by user: 985

Trusted

  # 1663171 3-Nov-2016 10:35
Send private message

SumnerBoy:

 

I am using LetsEncrypt for my personal web server and it seems to be fine. Short lifetime but they have automated scripts which auto-renew. Only been using them for a few months so haven't seen the renew stuff in action yet...

 

 

 

 

Yeah that's what I thought - short cert lief shouldn't be an issue when renewal is designed to be easily automated - looks like there are many examples of how to do this on different platforms (not so sure about code-signing though!)  

 

Can you shorten the automated script "timeout" to test it and\or just do it more frequently?


6633 posts

Uber Geek
+1 received by user: 1322

Trusted
Lifetime subscriber

  # 1663196 3-Nov-2016 11:03
Send private message

 For what it's worth, our wildcard certs at work are issued by "Starfield Technologies". No idea what pricing etc is like as certs are handled by another department.


1180 posts

Uber Geek
+1 received by user: 276

Trusted

  # 1663202 3-Nov-2016 11:12
Send private message

SumnerBoy:

 

I am using LetsEncrypt for my personal web server and it seems to be fine. Short lifetime but they have automated scripts which auto-renew. Only been using them for a few months so haven't seen the renew stuff in action yet...

 

 

I'm using it for personal web sites. No issues with auto-renew, cron job.





helping others at evgenyk.nz


1665 posts

Uber Geek
+1 received by user: 188

Subscriber

  # 1663220 3-Nov-2016 11:35
Send private message

Actually just checked my logs and my certs were auto-renewed a few days ago...seamless!


14869 posts

Uber Geek
+1 received by user: 2790

Trusted
Subscriber

  # 1663223 3-Nov-2016 11:40
Send private message

I use Lets Encrypt for four or five different small business websites. On Amazon Linux their client is rubbish so I used ACME, which auto renews just fine. I have a tutorial on how to use Let's Encrypt under Amazon Linux, if anyone wants a link PM me.


925 posts

Ultimate Geek
+1 received by user: 291


  # 1663243 3-Nov-2016 12:05
Send private message

timmmay:

 

I use Lets Encrypt for four or five different small business websites. On Amazon Linux their client is rubbish so I used ACME, which auto renews just fine. I have a tutorial on how to use Let's Encrypt under Amazon Linux, if anyone wants a link PM me.

 

 

Why not use AWS's "free" certificate authority via an ELB?


14869 posts

Uber Geek
+1 received by user: 2790

Trusted
Subscriber

  # 1663245 3-Nov-2016 12:12
Send private message

Because I don't need an ELB for my small websites. An ELB costs $18/month and I use about 2% of the CPU capacity of a t2.micro, partly because I've set up caching carefully, both page caching on the server and the CDN. My average bill is about $1/month because I'm still under the free tier. Once I finish free tier I'll may also stop using RDS because it's around $10/month, and my t2.micro only uses 40% of RAM and 2% of CPU. Not sure I can be bothered moving from RDS to self hosted though.


 1 | 2 | 3
View this topic in a long page with up to 500 replies per page Create new topic



Twitter and LinkedIn »



Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

Scientists unveil image of quantum entanglement
Posted 13-Jul-2019 06:00


Hackers to be challenged at University of Waikato
Posted 12-Jul-2019 21:34


OPPO Reno Z now available in New Zealand
Posted 12-Jul-2019 21:28


Sony introduces WF-1000XM3 wireless headphones with noise cancellation
Posted 8-Jul-2019 16:56


Xero announces new smarter tools, push into the North American market
Posted 19-Jun-2019 17:20


New report by Unisys shows New Zealanders want action by social platform companies and police to monitor social media sites
Posted 19-Jun-2019 17:09


ASB adds Google Pay option to contactless payments
Posted 19-Jun-2019 17:05


New Zealand PC Market declines on the back of high channel inventory, IDC reports
Posted 18-Jun-2019 17:35


Air New Zealand uses drones to inspect aircraft
Posted 17-Jun-2019 15:39


TCL Electronics launches its first-ever 8K TV
Posted 17-Jun-2019 15:18


E-scooter share scheme launches in Wellington
Posted 17-Jun-2019 12:34


Anyone can broadcast with Kordia Pop Up TV
Posted 13-Jun-2019 10:51


Volvo and Uber present production vehicle ready for self-driving
Posted 13-Jun-2019 10:47


100,000 customers connected to fibre broadband network through Enable
Posted 13-Jun-2019 10:35


5G uptake even faster than expected
Posted 12-Jun-2019 10:01



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Support Geekzone »

Our community of supporters help make Geekzone possible. Click the button below to join them.

Support Geezone on PressPatron



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.