I need to get a legit certificate for this domain. I’ve never done serious https cert shopping – who has, and what’s your opinion of the vendors? (“Not Network Solutions” I can already guess).
14 Replies to “Certificate opinions”
Comments are closed.
Hello Justin,
I recommend namecheap.com
I was like you–clueless about a good TLS provider but I took the recommendation based on this great article:
https://calomel.org/nginx.html
It was very easy to revoke the certs to reissue as ECDSA and reistall. Namecheap suppot two factor auth, too.
My certs were only $10 annually.
Where ever you go, be sure to get SHA256 certs and check out:
https://www.feistyduck.com/books/bulletproof-ssl-and-tls/
https://twitter.com/ivanristic
Best of luck,
Jungle
Last time I needed to have certificate, signed by “popular” (i.e. likely to be shiped with most browsers/OSes) I used free certificate from StartSSL, but then again, this was not serious. Their Free certificate only guarantees, that they have remotely validated Your control over FQDN You want to sign.
The least expensive “serious” certificate provider I found is namecheap.com. They provide Comodo certificates. No complains, except the lack of documentation for newbies.
I have a few certs through ssls.com who resell other big providers’ certs so there is good client compatibility with them. $5/year, easy to register and renew.
Been using godaddy for years for hundreds of websites. No issues.
odc – isn’t Comodo the one that had significant fraud issues? Do people still accept their certificates?
StartSSL certificates are what they are – free! So unless you are doing financial transactions they are probably fine. You can pay money and get “stronger” certificates from them. Also you have to pay to cancel your certificate.
InstantSSL are a cheap reseller of all the usual authorities.
Justin Sherrill – You are right. But that was 3 years ago, and it wasn’t even Comodo’s fault (it was a reseller). A few certificates were blacklisted back then. Hopefully they have learned from their mistake. I have never heard of people blocking all Comodo certificates. That would be stupid.
I heard good things about “Digicert”, but don’t have any personal experience with them.
SwissSign if you need to send emails to buisness customers.
Otherwise, for a project like this just self-certify and post the certificate publicly. CAs are a terribly flawed invention anyways.
P.S. you still wanna see that server?
I’d go for self-signed unless you have enough money to waste for the highwayman CAs.
Another option *was* CA Cert, but rumors are their free root key is hashed with MD5, which blows in beta firefox (and soon release) versions.
https://sslmate.com/ resells RapidSSL with the least amount of hassle that I know of.
It’s a service by https://www.agwa.name/
I’m not happy about node.js dependency but otherwise looks fine.