Re: buying ssl certificate

2017-05-31 Thread kc atgb 
Le Wed, 31 May 2017 17:11:49 +,
Eduardo M KALINOWSKI  a écrit :

> On Qua, 31 Mai 2017, Don Armstrong wrote:
> > On Tue, 30 May 2017, kc atgb wrote:
> >> One problem I might have with letsencrypt is that it is not recognized
> >> by all protocol clients. We have customers that are not always up to
> >> date on their side (old OSes, softwares, hosts, ... ), and letsencrypt
> >> is recent in the race, so not integrated on these devices.
> >
> > Letsencrypt signs with a signing key which is signed by the DST Root CA
> > which has been valid since 2000, and should be present on almost every
> > device. [For reference, google.com is signed by a key which was
> > generated in 2002...]
> >
> > So if it does have an issue with validity, it's an issue which many
> > SSL certificates are going to share.
> 

This is an information I do not had and that will help a lot for a decision. 
Good point ;)

> According to themselves:  
> https://letsencrypt.org/docs/certificate-compatibility/
> 

Thanks for the link. I had not took the time to take a look at their site. I 
should have gone there before. It answered certain questions I had and I am more
confortable now with how it works.

K.

Re: buying ssl certificate

2017-05-31 Thread Eduardo M KALINOWSKI 

On Qua, 31 Mai 2017, Don Armstrong wrote:

On Tue, 30 May 2017, kc atgb wrote:

One problem I might have with letsencrypt is that it is not recognized
by all protocol clients. We have customers that are not always up to
date on their side (old OSes, softwares, hosts, ... ), and letsencrypt
is recent in the race, so not integrated on these devices.


Letsencrypt signs with a signing key which is signed by the DST Root CA
which has been valid since 2000, and should be present on almost every
device. [For reference, google.com is signed by a key which was
generated in 2002...]

So if it does have an issue with validity, it's an issue which many
SSL certificates are going to share.


According to themselves:  
https://letsencrypt.org/docs/certificate-compatibility/


--
Eduardo M KALINOWSKI
edua...@kalinowski.com.br

Re: buying ssl certificate

2017-05-31 Thread Don Armstrong 
On Tue, 30 May 2017, kc atgb wrote:
> One problem I might have with letsencrypt is that it is not recognized 
> by all protocol clients. We have customers that are not always up to 
> date on their side (old OSes, softwares, hosts, ... ), and letsencrypt 
> is recent in the race, so not integrated on these devices.

Letsencrypt signs with a signing key which is signed by the DST Root CA
which has been valid since 2000, and should be present on almost every
device. [For reference, google.com is signed by a key which was
generated in 2002...]

So if it does have an issue with validity, it's an issue which many
SSL certificates are going to share.

-- 
Don Armstrong  https://www.donarmstrong.com

They say when you embark on a journey
of revenge
dig two graves.
They underestimate me.
 -- a softer world #560
http://www.asofterworld.com/index.php?id=560

Re: buying ssl certificate

2017-05-31 Thread kc atgb 

Le 2017-05-28 17:10, Andy Smith a écrit :
> Hello,
> 
> On Fri, May 26, 2017 at 10:04:42PM +, kc atgb wrote:
>> I will have to buy/renew some certificates we have at my job.
>> 
>> There are a certain number of certificates providers. The question I 
>> have is which one do I have to consider ?
> 
> Domain-validated (i.e. they just check you can receive email at the
> domain, or that you can put something int eh domain's DNS) TLS
> certificates are all pretty much the same.
> 
> Your worst case scenario is that the certificate authority is found
> to be hopelessly insecure and is distrusted by one or more major
> browsers.
> 
> I suggest it is worth your time to get letsencrypt automation
> working and just use those, for free.
> 
> If you need extended validation for some reason then the costs will
> vary, pick any big name. You'd probably know what to do already if
> this were a requirement though.
> 

We don't need extended validation and if I am not wrong, that can't 
apply to our case because we have a wildcard certificate and there is no 
specific validation for wildcards.

>> Recently came to the market some lowcoast ssl certificate providers. 
>> Or free ssl providers. What do you think about them ?
> 
> I think the best of the free ones is letsencrypt.
> 

One problem I might have with letsencrypt is that it is not recognized 
by all protocol clients. We have customers that are not always up to 
date on their side (old OSes, softwares, hosts, ... ), and letsencrypt 
is recent in the race, so not integrated on these devices.

> Cheers,
> Andy

Re: buying ssl certificate

2017-05-30 Thread kc atgb 

Le 2017-05-28 17:46, Umarzuki Mochlis a écrit :
>> 
>>> Recently came to the market some lowcoast ssl certificate providers. 
>>> Or free ssl providers. What do you think about them ?
>> 
>> I think the best of the free ones is letsencrypt.
>> 
>> Cheers,
>> Andy
>> 
>> --
>> https://bitfolk.com/ -- No-nonsense VPS hosting
>> 
> 
> I'm using letsencrypt with certbot on debian 8 for owncloud 9 with
> apache2 and it works great so far.
> 

I don't know certbot. I'll have to take a look at this for maybe futur 
personal use.

We have not just only one host, but in fact, a lot, so don't know if 
that could help.

> If you feel that you must pay for it, take a look at comparisons of
> ssl certificates at below URL to make informed decision
> https://www.instantssl.com/compare-ssl-certificates.html

We have a wildcard certificate, so I think we will have to buy one.

K.

Re: buying ssl certificate

2017-05-30 Thread Joe Collins 
Hello sir,


It’s my pleasure that connect with you, I am working as network admin in
reputed web development companies and regularly purchased ssl certificate
for our clients. In the most case, I preferred free ssl certificate from
https://letsencrypt.org/ for basic requirements, otherwise I favored
https://www.ssl2buy.com for less priced and best after selling support.


I hope this will help you!


Thanks.

Re: buying ssl certificate

2017-05-28 Thread Umarzuki Mochlis 
>
>> Recently came to the market some lowcoast ssl certificate providers. Or free 
>> ssl providers. What do you think about them ?
>
> I think the best of the free ones is letsencrypt.
>
> Cheers,
> Andy
>
> --
> https://bitfolk.com/ -- No-nonsense VPS hosting
>

I'm using letsencrypt with certbot on debian 8 for owncloud 9 with
apache2 and it works great so far.

If you feel that you must pay for it, take a look at comparisons of
ssl certificates at below URL to make informed decision
https://www.instantssl.com/compare-ssl-certificates.html

Re: buying ssl certificate

2017-05-28 Thread Andy Smith 
Hello,

On Fri, May 26, 2017 at 10:04:42PM +, kc atgb wrote:
> I will have to buy/renew some certificates we have at my job. 
> 
> There are a certain number of certificates providers. The question I have is 
> which one do I have to consider ? 

Domain-validated (i.e. they just check you can receive email at the
domain, or that you can put something int eh domain's DNS) TLS
certificates are all pretty much the same.

Your worst case scenario is that the certificate authority is found
to be hopelessly insecure and is distrusted by one or more major
browsers.

I suggest it is worth your time to get letsencrypt automation
working and just use those, for free.

If you need extended validation for some reason then the costs will
vary, pick any big name. You'd probably know what to do already if
this were a requirement though.

> Recently came to the market some lowcoast ssl certificate providers. Or free 
> ssl providers. What do you think about them ? 

I think the best of the free ones is letsencrypt. 

Cheers,
Andy

-- 
https://bitfolk.com/ -- No-nonsense VPS hosting

Re: buying ssl certificate

2017-05-28 Thread Nicholas Geovanis 
On Fri, May 26, 2017 at 5:04 PM, kc atgb 
wrote:
>
> There are a certain number of certificates providers. The question I have
> is which one do I have to consider ?
> Recently came to the market some lowcoast ssl certificate providers. Or
> free ssl providers. What do you think about them ?
>

My employer uses Comodo and ssls.com. I will say that for the EV
certificates at Comodo, they do seem to
do their "due diligence" and properly verify the purchaser's identity, at
least if it's corporate. But the EV certs are more
expensive of course. For the free providers, I've never heard anything bad
about letsencrypt.org but I haven't
personally used them..Nick

buying ssl certificate

2017-05-27 Thread kc atgb 
Hello list,

I don't know if my question enter in the scope of this list but I try. 

I will have to buy/renew some certificates we have at my job. 

There are a certain number of certificates providers. The question I have is 
which one do I have to consider ? 

Recently came to the market some lowcoast ssl certificate providers. Or free 
ssl providers. What do you think about them ? 

And last, when documenting, I found some ssl certificate resealers that can 
provide certificates from big authorities for a big discount. But I don't know, 
I'm
not used to these practices, and I need to have some feedbacks. Give me your 
opinions here too plz. 

Thanks for your time,
K.