Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


ForumsIT Pro and developersLet's Encrypt - free https certificates - Mozilla deprecating http
timmmay

20575 posts

Uber Geek

Trusted
Lifetime subscriber

#171919 5-May-2015 14:09
Send private message

Mozilla is planning on restricting the functionality of unencrypted http sites (more here direct from Mozilla), only giving full functionality to https sites. This will be another nail in the coffin of Firefox IMHO, all it means is even the less trustworthy websites will have https in future. It really adds very little to security that your link is encrypted, given the low chance of interception, though perhaps the browsers apply more stringent security policy to https sites.

That led me to the website Lets Encrypt. Later 2015 this site will provide free certificates to enable https on websites. It's supported by Mozilla, Akamai, Cisco, The EFF, so should be successful. You can get certificates for $10 or less already, and may be able to get free certificates (though they didn't work for me), but this will increase adoption. One key factor is shared hosting, who may charge a fee for each website hosted, or make it difficult / impossible to install the certificates. All in all though Lets Encrypt seems like a positive move.

Create new topic
roobarb
653 posts

Ultimate Geek

Trusted

  #1298418 5-May-2015 14:14
Send private message

StartSSL will also do free SSL certs, but that does not imply that the client browsers all have the CA installed and hence trust it.



mattwnz
20141 posts

Uber Geek


  #1298420 5-May-2015 14:16
Send private message

Many shared hosts at the bottom end of the market don't let you install a SSL unless you move to a larger plan. Most will also charge for a dedicated IP, and they can cost an extra $10 per month per site. Basic brochure websites shouldn't need https. Even many shopping cart websites are just http, and this includes at least one of the major SAAS shoping cart providers. Google do apparently rank https websites higher than http ones already, so that should be enough.

wasabi2k
2096 posts

Uber Geek


  #1298421 5-May-2015 14:17
Send private message

roobarb: StartSSL will also do free SSL certs, but that does not imply that the client browsers all have the CA installed and hence trust it.

Which makes them almost worthless.



mattwnz
20141 posts

Uber Geek


  #1298422 5-May-2015 14:18
Send private message

I though cloudflare also offered free SSLs.

timmmay

20575 posts

Uber Geek

Trusted
Lifetime subscriber

  #1298423 5-May-2015 14:22
Send private message

HTTPS has two advantages, authentication that you're sending information who you think you are, and encryption of that information. Free and low cost certificates only do the latter.

CloudFlare does do free SSL/HTTPS, using what's effectively a massive wildcard certificate, and it relies on modern browsers to support the way it works (Server Name Indication). I have one custom written website that uses it that it works automatically on, but I found it quite problematic to get working with Wordpress, and in the end gave up.

roobarb
653 posts

Ultimate Geek

Trusted

  #1298424 5-May-2015 14:27
Send private message

wasabi2k:
roobarb: StartSSL will also do free SSL certs, but that does not imply that the client browsers all have the CA installed and hence trust it.

Which makes them almost worthless.


Perhaps, I should have qualified that, the root CA is not on older operating systems, I often do testing with older machines. Modern ones including mobiles seem to recognized StartCom CA. Not all mobile browsers let you easily see the certificate.

jnimmo
1097 posts

Uber Geek


  #1298463 5-May-2015 15:30
Send private message

The key advantage of Lets Encrypt is that certs will automatically renew, so it is truly set and forget if all implemented well.
Really should be almost as easy as flipping a config switch. Looking forward to it!

 
 
 
 

Cloud spending continues to surge globally, but most organisations haven’t made the changes necessary to maximise the value and cost-efficiency benefits of their cloud investments. Download the whitepaper From Overspend to Advantage now.
richms
28168 posts

Uber Geek

Trusted
Lifetime subscriber

  #1298466 5-May-2015 15:33
Send private message

The problem with SSL on mobiles is the crap user experiance that you get on cert failures. I can only see this making it worse with people just pressing "continue" on warnings about secure connections not being established when these dodgey certs pop a warning up.




Richard rich.ms

mattwnz
20141 posts

Uber Geek


  #1298474 5-May-2015 15:40
Send private message

Unless Apple do this first, I can't see Mozilla doing it. If they do, people will just switch to other browsers. I would say many websites on the net are published and are then never touched, so you do have a lot of very old websites on the net. Many are just static so pose no security issue. Even if websites do have encypted form, many are sent unsecurely via email. I think a bigger risk is hacked CMS's and malware that gets injected into those site. I often see old wordpress website still running wordpress 3.1 and some even older, which are not secure.

Create new topic





News and reviews »

Air New Zealand Starts AI adoption with OpenAI
Posted 24-Jul-2025 16:00

eero Pro 7 Review
Posted 23-Jul-2025 12:07

BeeStation Plus Review
Posted 21-Jul-2025 14:21

eero Unveils New Wi-Fi 7 Products in New Zealand
Posted 21-Jul-2025 00:01

WiZ Introduces HDMI Sync Box and other Light Devices
Posted 20-Jul-2025 17:32

RedShield Enhances DDoS and Bot Attack Protection
Posted 20-Jul-2025 17:26

Seagate Ships 30TB Drives
Posted 17-Jul-2025 11:24

Oclean AirPump A10 Water Flosser Review
Posted 13-Jul-2025 11:05

Samsung Galaxy Z Fold7: Raising the Bar for Smartphones
Posted 10-Jul-2025 02:01

Samsung Galaxy Z Flip7 Brings New Edge-To-Edge FlexWindow
Posted 10-Jul-2025 02:01

Epson Launches New AM-C550Z WorkForce Enterprise printer
Posted 9-Jul-2025 18:22

Samsung Releases Smart Monitor M9
Posted 9-Jul-2025 17:46

Nearly Half of Older Kiwis Still Write their Passwords on Paper
Posted 9-Jul-2025 08:42

D-Link 4G+ Cat6 Wi-Fi 6 DWR-933M Mobile Hotspot Review
Posted 1-Jul-2025 11:34

Oppo A5 Series Launches With New Levels of Durability
Posted 30-Jun-2025 10:15








Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Updates »

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.







RSS feeds
Main feed
Forums feed
Copyright
©2002-2025 Geekzone®
Site features
Geekzone BI dashboard
Geekzone Badges
Geekzone Status Page

 

Affiliate links
Samsung
AliExpress
Wise
Sharesies
GoodSync
Site Information
Subscribe to Geekzone
Privacy Statement
Forum Usage Guidelines (FUG)
Advertising
Trademark and copyright