Yesterday at 11:04pm, Kevin Wise said:
Does anybody know of an inexpensive (free would be good) alternative for SSL
server certificates?
I'm hoping someone out there knows of a way to get a certificate signed by an
authority that is already trusted by most browsers, without having to pay
Verisign or Thawte several hundred dollars a year.
Because of the costs involved in running a certificate authority that is
trustworthy, I don't know of any place that will do it for free, though you may
be right about the non-profit thing though I've never seen a discount offered.
For a CA to get trusted as a root in all the browsers, they've got to be
reputable and do some validation of the info you submit before they sign a cert
for you. It wouldn't do any good if anyone could go out and buy a cert that
says www.paypal.com or something and have it be trusted by everyone. Many of
the cheap places automate the process as much as possible, which is part of
what lets them do it inexpensively.
Some kind of non-profit exemption might do the trick, or perhaps someone who
has set up free infrastructure to do the job. The solution to this
particular problem need not be open source, so if anyone knows of a better
source for this info, please let me know.
There are quite a few inexpensive places to get certificates signed. Richard
already mentioned GoDaddy for about $20/year. I've never used them. I have used
RapidSSL.com, InstantSSL.com, and FlexiSSL.com all with good results. I think
the ones I've been getting lately have been about $24/year with FlexiSSL, with
further discounts for multi-year orders. They also had a "competitive upgrade"
deal where you could renew a cert from another provider for free for a year or
something like that, or maybe it was buy one year get one free. GoDaddy might
have some deals that bundle SSL with hosting and/or domain name registration
too. I don't think any of the other SSL providers offer other services like
hosting though. (Any cert you buy should be able to be hosted anywhere though.)
Almost any SSL cert that is signed by a trusted root will work just fine for
your purposes. Be aware that "chained" certificates often come with more
installation headaches (depends a lot on your hosting provider), but the cheap
ones from flexissl aren't chained. The other consideration is if you (or your
client, or your end users, or whoever matters) will want a "site seal" or
something like that to paste on your page and let people verify that you're
secure. Some of the cheap ones don't come with much in that regard, and
sometimes you can buy it cheaply as an add-on if you want it. Some of them have
different levels of seals too. If you don't care much about what it says, just
make up your own image/logo that says your site is secure, and you'll get about
the same thing.
Depending on your application, some hosting providers have a valid secure cert
you can use for your stuff as long as you don't mind the URL including their
domain name. Some place does something like
https://www.securesites.net/yoursite/ but I don't remember who right now. That
would be a way to do trusted SSL without paying an extra dime, but if you want
your own domain name in there, it isn't an option.
Thanks,
Mac
--
Mac Newbold Code Greene, LLC
1440 S. Foothill Dr. Suite #250
Office: 801-438-0142 Salt Lake City, UT 84108
Cell: 801-694-6334 www.codegreene.com
_______________________________________________
Ldsoss mailing list
[email protected]
http://lists.ldsoss.org/mailman/listinfo/ldsoss
