Recommendations for purchasing a wildcard certificate

Forums › IT Pro and developers › Recommendations for purchasing a wildcard certificate

1 | 2

Regs

4064 posts

Uber Geek

Trusted

Snowflake

#527921 30-Sep-2011 23:51

Ragnor:

HTTPS is not computationally expensive with semi modern hardware, the problem is latency or delay due to the the back and forth handshake process for authentication. If you have http keep alive on this only happens once though.

Not using https for your entire session enable's man in the middle (eg: when using using cafe, hotel or public wireless) cookie jacking, remember Firesheep! This is why banking sites and even gmail use https the whole time.

yep, MITM attacks are possible in that situation... but are they a risk for geekzone users on the geekzone website?

https also doesnt cache well, so that can also add to the slowdown and erode the user experience.

Sales Engineer
Snowflake
www.snowflake.com

about.me/nzregs
Twitter: @nzregs

TrendMicro

Best TrendMicro deals for antivirus and malware protection(affiliate link).

mattwnz

19378 posts

Uber Geek

#527935 1-Oct-2011 01:48

Zeon: Godaddy is cheap and widely supported. Their website is a bit crappy though.

That is an understatement. You have to go through multiple pages where they try to upsell you on other things before you can get to the checkout. I find their control panel for managing things pretty poor and not that easy to use.

Ragnor

8085 posts

Uber Geek

Trusted

#528092 1-Oct-2011 22:40

Regs:

yep, MITM attacks are possible in that situation... but are they a risk for geekzone users on the geekzone website?

https also doesnt cache well, so that can also add to the slowdown and erode the user experience.

If you logged into Geekzone say on the free public wifi in Wellington and someone else was connected to the same wifi with a packet sniffer or something like Firesheep then your authenticated cookie/session could indeed be hijacked from normal http requests.

Content requested via HTTPS caches fine if you set http headers of static resources properly ie: cache-control: public on css, js and image files etc.

Ragnor

8085 posts

Uber Geek

Trusted

#528097 1-Oct-2011 22:43

magu:
In saying that, how bad is it in terms of req/s to have SSL full on or just for logins? I haven't noticed any issues with SSL full on, but maybe I just don't have the volume to have that be significant.

That would depend on your site, hardware etc... simplest way to test it is to benchmark your websites current performance locally and remotely via http with tools like apachebench etc.

Then setup https and run the same benchmarks.

lyonrouge

1993 posts

Uber Geek

Trusted

Lifetime subscriber

#530266 6-Oct-2011 16:57

Thanks for the advice. I used ClickSSL which offered 2 years for USD199. For those who are interested, these are the steps:

Enter requester and admin email details
Enter billing details
Enter credit card details and submit

Admin is sent purchase details
From email, follow link to site and copy your CSR (*.yourdomin.co.nz) to the form
Select your confirmation email (WHOIS for the domain)
Submit

Open confirmation email and open the link, press Accept
Admin is sent the certificate

rphenix

978 posts

Ultimate Geek

Lifetime subscriber

#535196 19-Oct-2011 15:53

Not a big fan of godaddy, but when it comes to SSL certs, they always seem to be the cheapest never pay their normal price get a coupon code (just google it) and you always get good savings.

1 | 2