"You should have https (TLS1.2) everywhere, on every sort of public facing 
httpd these days, with at least a letsencrypt certificate." 

We'll eventually have to because Google, etc. will make us, but it's extremely 
unnecessary. It's even foolish in many situations. 




----- 
Mike Hammett 
Intelligent Computing Solutions 

Midwest Internet Exchange 

The Brothers WISP 




----- Original Message -----

From: "Eric Kuhnke" <eric.kuh...@gmail.com> 
To: af@afmug.com 
Sent: Monday, April 9, 2018 4:49:01 PM 
Subject: Re: [AFMUG] ssl certs 





I have seen studies showing that ecommerce checkout/cart servers do have lower 
"abandon order" rates when using EV SSL. If you're going to have one billing 
server hostname that you fully control (eg: https://billing.ispname.com ) it 
might be worth it. 

Things like Paypal, online banking and other stuff do make extensive use of EV 
SSL. 

It used to cost $395/year, now it's $85/year and dropping in price further. 

The big change coming in both Chrome and Firefox is that any non-https page 
will soon be marked as "Insecure" in the URL/address bar. You should have https 
(TLS1.2) everywhere, on every sort of public facing httpd these days, with at 
least a letsencrypt certificate. 





On Mon, Apr 9, 2018 at 1:20 PM, Simon Westlake < simon@sonar.software > wrote: 




In 99.9% of cases, EV is useless. If you are going to educate your customers 
religiously to look not only for the green padlock, but for your name in the 
address bar, maybe it's worthwhile. Most people don't look or care. Google 
doesn't have an EV cert. Neither does Microsoft or Facebook. My power company 
doesn't. Most insurance companies don't. 


The only place I've seen them used heavily is in the financial sector, and I'd 
guess that's more about CYA than technical value. 


------ Original Message ------ 
From: "Eric Kuhnke" < eric.kuh...@gmail.com > 
To: af@afmug.com 
Sent: 4/9/2018 3:03:38 PM 
Subject: Re: [AFMUG] ssl certs 



<blockquote>




these days there are essentially two types of SSL cert, DV and EV 

DV = domain validated. anyone can get one. this is the same idea for the $9 SSL 
certs and free letsencrypt. you only need to prove you control the 
domain/server it's issued for. 

EV = extended validation, you need to prove your corporate identity. should 
cost around $85/year. 

EV will result in the big green banner with company name in most modern web 
browsers. 

https://www.google.com/search?client=ubuntu&channel=fs&q=EV+SSL+certificate&ie=utf-8&oe=utf-8
 



On Mon, Apr 9, 2018 at 11:59 AM, Steve Jones < thatoneguyst...@gmail.com > 
wrote: 



<blockquote>

tbh, im not really looking for alternative sources, im asking advice on what i 
need in a certificate 




On Mon, Apr 9, 2018 at 1:52 PM, Cameron Crum < cc...@murcevilo.com > wrote: 

<blockquote>

ssls.com 


On Mon, Apr 9, 2018 at 1:02 PM, Steve Jones < thatoneguyst...@gmail.com > 
wrote: 

<blockquote>

Im no webdude is the main reason. I know alot of people use it, phishermen love 
them. Theyre "trusted, but not verified" which, to no webdude me, says "IT WILL 
BECOME UNTRUSTED". I hate godaddy, but theyre not likely to become untrusted, 
so its not something id have to deal with with little to no knowlege. plus I 
dont understand this 90 day thing 




On Mon, Apr 9, 2018 at 12:08 PM, Mike Hammett < af...@ics-il.net > wrote: 



<blockquote>


Can you use Let's Encrypt? 




----- 
Mike Hammett 
Intelligent Computing Solutions 

Midwest Internet Exchange 

The Brothers WISP 






From: "Steve Jones" < thatoneguyst...@gmail.com > 
To: af@afmug.com 
Sent: Monday, April 9, 2018 12:07:04 PM 
Subject: [AFMUG] ssl certs 


Our current cert for our billing server (powercode) is about to expire. For 
some time web browsers have been throwing up the insecure flag, probably needed 
to update it. 


What does a guy need in a certificate these days? godaddy is where we have it 
from, they have all kinds of options like green bar guarantee cert, etc. 


I have thought about getting one thats good for more than one page, just to get 
rid of the annoying security screen on our managment port and mobile. but the 
wildcard cert seems more pricey than id prefer for something thats just 
convienient rather than needed 




</blockquote>


</blockquote>


</blockquote>


</blockquote>

</blockquote>


Reply via email to