[Ldsoss] SSL Certificates
Does anybody know of an inexpensive (free would be good) alternative for SSL server certificates? I know how to self-sign, but that requires my certificate authority certificate be installed as a trusted root CA in every browser that visits my site. The process of installing a trusted root certificate isn't easy, and although I could probably create an installer for the certificate on Windows, I'm hesitant to do that until I've explored alternatives. I'm hoping someone out there knows of a way to get a certificate signed by an authority that is already trusted by most browsers, without having to pay Verisign or Thawte several hundred dollars a year. Some kind of non-profit exemption might do the trick, or perhaps someone who has set up free infrastructure to do the job. The solution to this particular problem need not be open source, so if anyone knows of a better source for this info, please let me know. Kevin Wise ___ Ldsoss mailing list Ldsoss@lists.ldsoss.org http://lists.ldsoss.org/mailman/listinfo/ldsoss
Re: [Ldsoss] SSL Certificates
On Sep 13, 2006, at 12:04 AM, Kevin Wise wrote: Does anybody know of an inexpensive (free would be good) alternative for SSL server certificates? I know how to self-sign, but that requires my certificate authority certificate be installed as a trusted root CA in every browser that visits my site. The process of installing a trusted root certificate isn't easy, and although I could probably create an installer for the certificate on Windows, I'm hesitant to do that until I've explored alternatives. I'm hoping someone out there knows of a way to get a certificate signed by an authority that is already trusted by most browsers, without having to pay Verisign or Thawte several hundred dollars a year. Some kind of non-profit exemption might do the trick, or perhaps someone who has set up free infrastructure to do the job. The solution to this particular problem need not be open source, so if anyone knows of a better source for this info, please let me know. I don't know of any open source options, but the best deals seem to be available when you search for ssl certificates (or something similar) and click on the Google ads. Thawte runs a $99/year deal but I think it's only available if you click through the Google ad. At the time, GoDaddy is also advertising a Turbo SSL cert for $19.99/year. ___ Ldsoss mailing list Ldsoss@lists.ldsoss.org http://lists.ldsoss.org/mailman/listinfo/ldsoss
Re: [Ldsoss] SSL Certificates
Yesterday at 11:04pm, Kevin Wise said: Does anybody know of an inexpensive (free would be good) alternative for SSL server certificates? I'm hoping someone out there knows of a way to get a certificate signed by an authority that is already trusted by most browsers, without having to pay Verisign or Thawte several hundred dollars a year. Because of the costs involved in running a certificate authority that is trustworthy, I don't know of any place that will do it for free, though you may be right about the non-profit thing though I've never seen a discount offered. For a CA to get trusted as a root in all the browsers, they've got to be reputable and do some validation of the info you submit before they sign a cert for you. It wouldn't do any good if anyone could go out and buy a cert that says www.paypal.com or something and have it be trusted by everyone. Many of the cheap places automate the process as much as possible, which is part of what lets them do it inexpensively. Some kind of non-profit exemption might do the trick, or perhaps someone who has set up free infrastructure to do the job. The solution to this particular problem need not be open source, so if anyone knows of a better source for this info, please let me know. There are quite a few inexpensive places to get certificates signed. Richard already mentioned GoDaddy for about $20/year. I've never used them. I have used RapidSSL.com, InstantSSL.com, and FlexiSSL.com all with good results. I think the ones I've been getting lately have been about $24/year with FlexiSSL, with further discounts for multi-year orders. They also had a competitive upgrade deal where you could renew a cert from another provider for free for a year or something like that, or maybe it was buy one year get one free. GoDaddy might have some deals that bundle SSL with hosting and/or domain name registration too. I don't think any of the other SSL providers offer other services like hosting though. (Any cert you buy should be able to be hosted anywhere though.) Almost any SSL cert that is signed by a trusted root will work just fine for your purposes. Be aware that chained certificates often come with more installation headaches (depends a lot on your hosting provider), but the cheap ones from flexissl aren't chained. The other consideration is if you (or your client, or your end users, or whoever matters) will want a site seal or something like that to paste on your page and let people verify that you're secure. Some of the cheap ones don't come with much in that regard, and sometimes you can buy it cheaply as an add-on if you want it. Some of them have different levels of seals too. If you don't care much about what it says, just make up your own image/logo that says your site is secure, and you'll get about the same thing. Depending on your application, some hosting providers have a valid secure cert you can use for your stuff as long as you don't mind the URL including their domain name. Some place does something like https://www.securesites.net/yoursite/ but I don't remember who right now. That would be a way to do trusted SSL without paying an extra dime, but if you want your own domain name in there, it isn't an option. Thanks, Mac -- Mac Newbold Code Greene, LLC 1440 S. Foothill Dr. Suite #250 Office: 801-438-0142Salt Lake City, UT 84108 Cell: 801-694-6334www.codegreene.com ___ Ldsoss mailing list Ldsoss@lists.ldsoss.org http://lists.ldsoss.org/mailman/listinfo/ldsoss
Re: [Ldsoss] SSL Certificates
While not preloaded in all browsers, two free alternatives are: http://cert.startcom.org/ http://www.cacert.org/ Charles -Original Message- From: Kevin Wise [EMAIL PROTECTED] Subject: [Ldsoss] SSL Certificates Date: Tue, 12 Sep 2006 23:04:21 -0700 To: LDS Open Source Software ldsoss@lists.ldsoss.org Reply-To: LDS Open Source Software ldsoss@lists.ldsoss.org Does anybody know of an inexpensive (free would be good) alternative for SSL server certificates? I know how to self-sign, but that requires my certificate authority certificate be installed as a trusted root CA in every browser that visits my site. The process of installing a trusted root certificate isn't easy, and although I could probably create an installer for the certificate on Windows, I'm hesitant to do that until I've explored alternatives. I'm hoping someone out there knows of a way to get a certificate signed by an authority that is already trusted by most browsers, without having to pay Verisign or Thawte several hundred dollars a year. Some kind of non-profit exemption might do the trick, or perhaps someone who has set up free infrastructure to do the job. The solution to this particular problem need not be open source, so if anyone knows of a better source for this info, please let me know. Kevin Wise ___ Ldsoss mailing list Ldsoss@lists.ldsoss.org http://lists.ldsoss.org/mailman/listinfo/ldsoss -- Gets each Whisker At the base No ingrown hair On neck or face Burma-Shave http://burma-shave.org/jingles/1941/gets_each ___ Ldsoss mailing list Ldsoss@lists.ldsoss.org http://lists.ldsoss.org/mailman/listinfo/ldsoss
