Suggestions for SSL cert?
-
the amount of zubat in this cave is too damn high?
is funny?
it's a meme so it doesn't have to make sense?
-
There's a new Mozilla backed CA called Let's Encrypt, it's not available quite yet, they're quoting mid 2015 as their launch, and it'll be free as in beer.
-
I know that this is a 10 days late reply, but Postfix is pretty simple to set up.
That or you could see if your registrar will provide an email address for your domain.
There's a new Mozilla backed CA called Let's Encrypt, it's not available quite yet, they're quoting mid 2015 as their launch, and it'll be free as in beer.
Already mentioned.
-
I hope to maybe have time tonight to work on this. My guess is they're unable to access my server for validation, because port 80 is blocked by my ISP, and they haven't thought to try port 443 which is open.
I don't know why they wouldn't sent a message saying "Hey your site is (apparently) broken" though.
-
-
The correct dodge is to blame Discourse for you replying to a post earlier than it was mentioned.
-
What does that meme have to do with Zubat?
@accalia mentioned zubats, and I thought that the way I did the meme was funnier than a literal read of her post.
-
So, four months after the fact I finally get a message from Comodo SSL saying "We noticed you had trouble with your order and cancelled."
Too bad I quit caring. I don't have enough users to justify moving away from a self-signed cert.
-
four months after the fact
Yeah, when you fuck up customer service that badly, you are not going to be able to recover. That is a lost customer.
-
That reminds me, I need to ask our system administrator what happened with the new cert for our dev server that Comodo was supposed to be giving us. The CSR should have been sent in last Tuesday.
Dev used to have a self-signed cert, but Enterprise Security is going apeshit about an external contractor with VPN having access to it and wants it locked down.
And before you ask, no, our Dev server is not external facing.
-
And before you ask, no, our Dev server is not external facing.
Why do we care about the self signed cert on an internal facing...Enterprise Security
Oh, carry on
On topic, even though it's been mentioned before... For my websites I use StartSSL. Their UX is terribad, customer service is OK, but they offer unlimited free SSL certs and reasonably priced code-signing and wildcard certs (you can get those for $60)
-
Yeah, Enterprise Security is mandating no self-signed certificates.
-
Yeah, Enterprise Security is mandating no self-signed certificates.
To be fair, self-signed certificates are only better than a fig leaf when it comes to security when you go to the effort of teaching all the clients beforehand what the certificate is. Which is a total bummer when you need to change the certificate for some reason (expired, compromised, etc.) and rather annoying when you've not a fixed set of clients, as then you keep having to register that public certificate as trusted.
When a CA-signed certificate is (almost) nothing, going with a self-signed certificate is a false economy; the simpler key management is worth the annoyance of dealing with the CA.
-
Our public facing environments (User Acceptance Testing and Production) have valid certificates (issued by Verisign, they'll switch to Comodo when they expire next month). It was only our internal testing environments (local machine and Dev) that didn't. Now that a contractor is supposed to have access to Dev, they're requiring a non-self-signed certificate.
-
You can request as many domain certs as you need for free. It's a manual process though, so if you need loads of domains, it may be worth it to pay for a wildcard cert.
-
The thing is, it shouldn't cost money for a basic "the server you're talking to is the one that was at this address when the CA checked" certificate. That can be automated quite easily (think Google Webmaster Tools) and only costs the CA the CPU cycles needed to sign the certificate. It ensures that you're connected to the right server and that someone can't easily read your password when you type it into an
<input type="password">
.I shall refer to my post above
https://letsencrypt.org
It’s free, automated, and open.