Certificate opinions

I need to get a legit certificate for this domain.  I’ve never done serious https cert shopping – who has, and what’s your opinion of the vendors?  (“Not Network Solutions” I can already guess).

14 Replies to “Certificate opinions”

  1. jungle says:

    Hello Justin,

    I recommend namecheap.com

    I was like you–clueless about a good TLS provider but I took the recommendation based on this great article:
    https://calomel.org/nginx.html

    It was very easy to revoke the certs to reissue as ECDSA and reinstall. Namecheap supports two-factor auth, too.

    My certs were only $10 annually.

    Wherever you go, be sure to get SHA256 certs and check out:
    https://www.feistyduck.com/books/bulletproof-ssl-and-tls/
    https://twitter.com/ivanristic

    Best of luck,
    Jungle

  2. Mārcis says:

    Last time I needed to have a certificate signed by a “popular” (i.e. likely to be shipped with most browsers/OSes) CA, I used a free certificate from StartSSL, but then again, this was not serious. Their free certificate only guarantees that they have remotely validated your control over the FQDN you want to sign.

  3. odc says:

    The least expensive “serious” certificate provider I found is namecheap.com. They provide Comodo certificates. No complaints, except the lack of documentation for newbies.

  4. jcs says:

    I have a few certs through ssls.com who resell other big providers’ certs so there is good client compatibility with them. $5/year, easy to register and renew.

  5. Alan says:

    Been using godaddy for years for hundreds of websites. No issues.

  6. odc – isn’t Comodo the one that had significant fraud issues? Do people still accept their certificates?

  7. Dean says:

    StartSSL certificates are what they are – free! So unless you are doing financial transactions they are probably fine. You can pay money and get “stronger” certificates from them. Also you have to pay to cancel your certificate.

    InstantSSL are a cheap reseller of all the usual authorities.

  8. odc says:

    Justin Sherrill – You are right. But that was 3 years ago, and it wasn’t even Comodo’s fault (it was a reseller). A few certificates were blacklisted back then. Hopefully they have learned from their mistake. I have never heard of people blocking all Comodo certificates. That would be stupid.

  9. Carsten says:

    I heard good things about “Digicert”, but don’t have any personal experience with them.

  10. FinFin says:

    SwissSign if you need to send emails to business customers.
    Otherwise, for a project like this just self-certify and post the certificate publicly. CAs are a terribly flawed invention anyways.

  11. FinFin says:

    P.S. you still wanna see that server?

  12. Anon says:

    I’d go for self-signed unless you have enough money to waste for the highwayman CAs.

    Another option *was* CA Cert, but rumors are their free root key is hashed with MD5, which blows in beta firefox (and soon release) versions.

  13. Anonymous Coward says:

    https://sslmate.com/ resells RapidSSL with the least amount of hassle that I know of.

    It’s a service by https://www.agwa.name/

    I’m not happy about node.js dependency but otherwise looks fine.
