Re: buying ssl certificate
Le Wed, 31 May 2017 17:11:49 +, Eduardo M KALINOWSKIa écrit : > On Qua, 31 Mai 2017, Don Armstrong wrote: > > On Tue, 30 May 2017, kc atgb wrote: > >> One problem I might have with letsencrypt is that it is not recognized > >> by all protocol clients. We have customers that are not always up to > >> date on their side (old OSes, softwares, hosts, ... ), and letsencrypt > >> is recent in the race, so not integrated on these devices. > > > > Letsencrypt signs with a signing key which is signed by the DST Root CA > > which has been valid since 2000, and should be present on almost every > > device. [For reference, google.com is signed by a key which was > > generated in 2002...] > > > > So if it does have an issue with validity, it's an issue which many > > SSL certificates are going to share. > This is an information I do not had and that will help a lot for a decision. Good point ;) > According to themselves: > https://letsencrypt.org/docs/certificate-compatibility/ > Thanks for the link. I had not took the time to take a look at their site. I should have gone there before. It answered certain questions I had and I am more confortable now with how it works. K.
Re: buying ssl certificate
On Qua, 31 Mai 2017, Don Armstrong wrote: On Tue, 30 May 2017, kc atgb wrote: One problem I might have with letsencrypt is that it is not recognized by all protocol clients. We have customers that are not always up to date on their side (old OSes, softwares, hosts, ... ), and letsencrypt is recent in the race, so not integrated on these devices. Letsencrypt signs with a signing key which is signed by the DST Root CA which has been valid since 2000, and should be present on almost every device. [For reference, google.com is signed by a key which was generated in 2002...] So if it does have an issue with validity, it's an issue which many SSL certificates are going to share. According to themselves: https://letsencrypt.org/docs/certificate-compatibility/ -- Eduardo M KALINOWSKI edua...@kalinowski.com.br
Re: buying ssl certificate
On Tue, 30 May 2017, kc atgb wrote: > One problem I might have with letsencrypt is that it is not recognized > by all protocol clients. We have customers that are not always up to > date on their side (old OSes, softwares, hosts, ... ), and letsencrypt > is recent in the race, so not integrated on these devices. Letsencrypt signs with a signing key which is signed by the DST Root CA which has been valid since 2000, and should be present on almost every device. [For reference, google.com is signed by a key which was generated in 2002...] So if it does have an issue with validity, it's an issue which many SSL certificates are going to share. -- Don Armstrong https://www.donarmstrong.com They say when you embark on a journey of revenge dig two graves. They underestimate me. -- a softer world #560 http://www.asofterworld.com/index.php?id=560
Re: buying ssl certificate
Le 2017-05-28 17:10, Andy Smith a écrit : > Hello, > > On Fri, May 26, 2017 at 10:04:42PM +, kc atgb wrote: >> I will have to buy/renew some certificates we have at my job. >> >> There are a certain number of certificates providers. The question I >> have is which one do I have to consider ? > > Domain-validated (i.e. they just check you can receive email at the > domain, or that you can put something int eh domain's DNS) TLS > certificates are all pretty much the same. > > Your worst case scenario is that the certificate authority is found > to be hopelessly insecure and is distrusted by one or more major > browsers. > > I suggest it is worth your time to get letsencrypt automation > working and just use those, for free. > > If you need extended validation for some reason then the costs will > vary, pick any big name. You'd probably know what to do already if > this were a requirement though. > We don't need extended validation and if I am not wrong, that can't apply to our case because we have a wildcard certificate and there is no specific validation for wildcards. >> Recently came to the market some lowcoast ssl certificate providers. >> Or free ssl providers. What do you think about them ? > > I think the best of the free ones is letsencrypt. > One problem I might have with letsencrypt is that it is not recognized by all protocol clients. We have customers that are not always up to date on their side (old OSes, softwares, hosts, ... ), and letsencrypt is recent in the race, so not integrated on these devices. > Cheers, > Andy
Re: buying ssl certificate
Le 2017-05-28 17:46, Umarzuki Mochlis a écrit : >> >>> Recently came to the market some lowcoast ssl certificate providers. >>> Or free ssl providers. What do you think about them ? >> >> I think the best of the free ones is letsencrypt. >> >> Cheers, >> Andy >> >> -- >> https://bitfolk.com/ -- No-nonsense VPS hosting >> > > I'm using letsencrypt with certbot on debian 8 for owncloud 9 with > apache2 and it works great so far. > I don't know certbot. I'll have to take a look at this for maybe futur personal use. We have not just only one host, but in fact, a lot, so don't know if that could help. > If you feel that you must pay for it, take a look at comparisons of > ssl certificates at below URL to make informed decision > https://www.instantssl.com/compare-ssl-certificates.html We have a wildcard certificate, so I think we will have to buy one. K.
Re: buying ssl certificate
Hello sir, It’s my pleasure that connect with you, I am working as network admin in reputed web development companies and regularly purchased ssl certificate for our clients. In the most case, I preferred free ssl certificate from https://letsencrypt.org/ for basic requirements, otherwise I favored https://www.ssl2buy.com for less priced and best after selling support. I hope this will help you! Thanks.
Re: buying ssl certificate
> >> Recently came to the market some lowcoast ssl certificate providers. Or free >> ssl providers. What do you think about them ? > > I think the best of the free ones is letsencrypt. > > Cheers, > Andy > > -- > https://bitfolk.com/ -- No-nonsense VPS hosting > I'm using letsencrypt with certbot on debian 8 for owncloud 9 with apache2 and it works great so far. If you feel that you must pay for it, take a look at comparisons of ssl certificates at below URL to make informed decision https://www.instantssl.com/compare-ssl-certificates.html
Re: buying ssl certificate
Hello, On Fri, May 26, 2017 at 10:04:42PM +, kc atgb wrote: > I will have to buy/renew some certificates we have at my job. > > There are a certain number of certificates providers. The question I have is > which one do I have to consider ? Domain-validated (i.e. they just check you can receive email at the domain, or that you can put something int eh domain's DNS) TLS certificates are all pretty much the same. Your worst case scenario is that the certificate authority is found to be hopelessly insecure and is distrusted by one or more major browsers. I suggest it is worth your time to get letsencrypt automation working and just use those, for free. If you need extended validation for some reason then the costs will vary, pick any big name. You'd probably know what to do already if this were a requirement though. > Recently came to the market some lowcoast ssl certificate providers. Or free > ssl providers. What do you think about them ? I think the best of the free ones is letsencrypt. Cheers, Andy -- https://bitfolk.com/ -- No-nonsense VPS hosting
Re: buying ssl certificate
On Fri, May 26, 2017 at 5:04 PM, kc atgbwrote: > > There are a certain number of certificates providers. The question I have > is which one do I have to consider ? > Recently came to the market some lowcoast ssl certificate providers. Or > free ssl providers. What do you think about them ? > My employer uses Comodo and ssls.com. I will say that for the EV certificates at Comodo, they do seem to do their "due diligence" and properly verify the purchaser's identity, at least if it's corporate. But the EV certs are more expensive of course. For the free providers, I've never heard anything bad about letsencrypt.org but I haven't personally used them..Nick
buying ssl certificate
Hello list, I don't know if my question enter in the scope of this list but I try. I will have to buy/renew some certificates we have at my job. There are a certain number of certificates providers. The question I have is which one do I have to consider ? Recently came to the market some lowcoast ssl certificate providers. Or free ssl providers. What do you think about them ? And last, when documenting, I found some ssl certificate resealers that can provide certificates from big authorities for a big discount. But I don't know, I'm not used to these practices, and I need to have some feedbacks. Give me your opinions here too plz. Thanks for your time, K.