<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	
	>
<channel>
	<title>
	Comments on: Certificate opinions	</title>
	<atom:link href="https://www.dragonflydigest.com/2014/09/15/certificate-opinions/feed/" rel="self" type="application/rss+xml" />
	<link>https://www.dragonflydigest.com/2014/09/15/certificate-opinions/</link>
	<description>A running description of activity related to DragonFly BSD.</description>
	<lastBuildDate>Sat, 27 Sep 2014 02:25:28 +0000</lastBuildDate>
	<sy:updatePeriod>
	hourly	</sy:updatePeriod>
	<sy:updateFrequency>
	1	</sy:updateFrequency>
	<generator>https://wordpress.org/?v=7.0</generator>
	<item>
		<title>
		By: https, here &#8211; DragonFly BSD Digest		</title>
		<link>https://www.dragonflydigest.com/2014/09/15/certificate-opinions/comment-page-1/#comment-284716</link>

		<dc:creator><![CDATA[https, here &#8211; DragonFly BSD Digest]]></dc:creator>
		<pubDate>Sat, 27 Sep 2014 02:25:28 +0000</pubDate>
		<guid isPermaLink="false">http://www.dragonflydigest.com/?p=14764#comment-284716</guid>

					<description><![CDATA[[&#8230;] had a reminder in my calendar to do it tonight, and thanks to your suggestions, I have a &#8216;real&#8217; SSL certificate installed.  If you want to browse the Digest using [&#8230;]]]></description>
			<content:encoded><![CDATA[<p>[&#8230;] had a reminder in my calendar to do it tonight, and thanks to your suggestions, I have a &#8216;real&#8217; SSL certificate installed.  If you want to browse the Digest using [&#8230;]</p>
]]></content:encoded>
		
			</item>
		<item>
		<title>
		By: Anonymous Coward		</title>
		<link>https://www.dragonflydigest.com/2014/09/15/certificate-opinions/comment-page-1/#comment-278333</link>

		<dc:creator><![CDATA[Anonymous Coward]]></dc:creator>
		<pubDate>Fri, 19 Sep 2014 10:57:24 +0000</pubDate>
		<guid isPermaLink="false">http://www.dragonflydigest.com/?p=14764#comment-278333</guid>

					<description><![CDATA[https://sslmate.com/ resells RapidSSL with the least amount of hassle that I know of.

It&#039;s a service by https://www.agwa.name/

I&#039;m not happy about node.js dependency but otherwise looks fine.]]></description>
			<content:encoded><![CDATA[<p><a href="https://sslmate.com/" rel="nofollow ugc">https://sslmate.com/</a> resells RapidSSL with the least amount of hassle that I know of.</p>
<p>It&#8217;s a service by <a href="https://www.agwa.name/" rel="nofollow ugc">https://www.agwa.name/</a></p>
<p>I&#8217;m not happy about node.js dependency but otherwise looks fine.</p>
]]></content:encoded>
		
			</item>
		<item>
		<title>
		By: Anon		</title>
		<link>https://www.dragonflydigest.com/2014/09/15/certificate-opinions/comment-page-1/#comment-276863</link>

		<dc:creator><![CDATA[Anon]]></dc:creator>
		<pubDate>Wed, 17 Sep 2014 18:45:52 +0000</pubDate>
		<guid isPermaLink="false">http://www.dragonflydigest.com/?p=14764#comment-276863</guid>

					<description><![CDATA[I&#039;d go for self-signed unless you have enough money to waste for the highwayman CAs.

Another option *was* CA Cert, but rumors are their free root key is hashed with MD5, which blows in beta firefox (and soon release) versions.]]></description>
			<content:encoded><![CDATA[<p>I&#8217;d go for self-signed unless you have enough money to waste for the highwayman CAs.</p>
<p>Another option *was* CA Cert, but rumors are their free root key is hashed with MD5, which blows in beta firefox (and soon release) versions.</p>
]]></content:encoded>
		
			</item>
		<item>
		<title>
		By: FinFin		</title>
		<link>https://www.dragonflydigest.com/2014/09/15/certificate-opinions/comment-page-1/#comment-276673</link>

		<dc:creator><![CDATA[FinFin]]></dc:creator>
		<pubDate>Wed, 17 Sep 2014 12:51:43 +0000</pubDate>
		<guid isPermaLink="false">http://www.dragonflydigest.com/?p=14764#comment-276673</guid>

					<description><![CDATA[P.S. you still wanna see that server?]]></description>
			<content:encoded><![CDATA[<p>P.S. you still wanna see that server?</p>
]]></content:encoded>
		
			</item>
		<item>
		<title>
		By: FinFin		</title>
		<link>https://www.dragonflydigest.com/2014/09/15/certificate-opinions/comment-page-1/#comment-276672</link>

		<dc:creator><![CDATA[FinFin]]></dc:creator>
		<pubDate>Wed, 17 Sep 2014 12:51:22 +0000</pubDate>
		<guid isPermaLink="false">http://www.dragonflydigest.com/?p=14764#comment-276672</guid>

					<description><![CDATA[SwissSign if you need to send emails to buisness customers.
Otherwise, for a project like this just self-certify and post the certificate publicly. CAs are a terribly flawed invention anyways.]]></description>
			<content:encoded><![CDATA[<p>SwissSign if you need to send emails to buisness customers.<br />
Otherwise, for a project like this just self-certify and post the certificate publicly. CAs are a terribly flawed invention anyways.</p>
]]></content:encoded>
		
			</item>
		<item>
		<title>
		By: Carsten		</title>
		<link>https://www.dragonflydigest.com/2014/09/15/certificate-opinions/comment-page-1/#comment-276188</link>

		<dc:creator><![CDATA[Carsten]]></dc:creator>
		<pubDate>Tue, 16 Sep 2014 21:42:52 +0000</pubDate>
		<guid isPermaLink="false">http://www.dragonflydigest.com/?p=14764#comment-276188</guid>

					<description><![CDATA[I heard good things about &quot;Digicert&quot;, but don&#039;t have any personal experience with them.]]></description>
			<content:encoded><![CDATA[<p>I heard good things about &#8220;Digicert&#8221;, but don&#8217;t have any personal experience with them.</p>
]]></content:encoded>
		
			</item>
		<item>
		<title>
		By: odc		</title>
		<link>https://www.dragonflydigest.com/2014/09/15/certificate-opinions/comment-page-1/#comment-276165</link>

		<dc:creator><![CDATA[odc]]></dc:creator>
		<pubDate>Tue, 16 Sep 2014 20:32:31 +0000</pubDate>
		<guid isPermaLink="false">http://www.dragonflydigest.com/?p=14764#comment-276165</guid>

					<description><![CDATA[Justin Sherrill - You are right. But that was 3 years ago, and it wasn&#039;t even Comodo&#039;s fault (it was a reseller). A few certificates were blacklisted back then. Hopefully they have learned from their mistake. I have never heard of people blocking all Comodo certificates. That would be stupid.]]></description>
			<content:encoded><![CDATA[<p>Justin Sherrill &#8211; You are right. But that was 3 years ago, and it wasn&#8217;t even Comodo&#8217;s fault (it was a reseller). A few certificates were blacklisted back then. Hopefully they have learned from their mistake. I have never heard of people blocking all Comodo certificates. That would be stupid.</p>
]]></content:encoded>
		
			</item>
		<item>
		<title>
		By: Dean		</title>
		<link>https://www.dragonflydigest.com/2014/09/15/certificate-opinions/comment-page-1/#comment-275850</link>

		<dc:creator><![CDATA[Dean]]></dc:creator>
		<pubDate>Tue, 16 Sep 2014 09:28:00 +0000</pubDate>
		<guid isPermaLink="false">http://www.dragonflydigest.com/?p=14764#comment-275850</guid>

					<description><![CDATA[StartSSL certificates are what they are - free! So unless you are doing financial transactions they are probably fine. You can pay money and get &quot;stronger&quot; certificates from them. Also you have to pay to cancel your certificate.


InstantSSL are a cheap reseller of all the usual authorities.]]></description>
			<content:encoded><![CDATA[<p>StartSSL certificates are what they are &#8211; free! So unless you are doing financial transactions they are probably fine. You can pay money and get &#8220;stronger&#8221; certificates from them. Also you have to pay to cancel your certificate.</p>
<p>InstantSSL are a cheap reseller of all the usual authorities.</p>
]]></content:encoded>
		
			</item>
		<item>
		<title>
		By: Justin Sherrill		</title>
		<link>https://www.dragonflydigest.com/2014/09/15/certificate-opinions/comment-page-1/#comment-275562</link>

		<dc:creator><![CDATA[Justin Sherrill]]></dc:creator>
		<pubDate>Tue, 16 Sep 2014 02:04:35 +0000</pubDate>
		<guid isPermaLink="false">http://www.dragonflydigest.com/?p=14764#comment-275562</guid>

					<description><![CDATA[odc - isn&#039;t Comodo the one that had significant fraud issues?  Do people still accept their certificates?]]></description>
			<content:encoded><![CDATA[<p>odc &#8211; isn&#8217;t Comodo the one that had significant fraud issues?  Do people still accept their certificates?</p>
]]></content:encoded>
		
			</item>
		<item>
		<title>
		By: Alan		</title>
		<link>https://www.dragonflydigest.com/2014/09/15/certificate-opinions/comment-page-1/#comment-275324</link>

		<dc:creator><![CDATA[Alan]]></dc:creator>
		<pubDate>Mon, 15 Sep 2014 20:18:59 +0000</pubDate>
		<guid isPermaLink="false">http://www.dragonflydigest.com/?p=14764#comment-275324</guid>

					<description><![CDATA[Been using godaddy for years for hundreds of websites.  No issues.]]></description>
			<content:encoded><![CDATA[<p>Been using godaddy for years for hundreds of websites.  No issues.</p>
]]></content:encoded>
		
			</item>
		<item>
		<title>
		By: jcs		</title>
		<link>https://www.dragonflydigest.com/2014/09/15/certificate-opinions/comment-page-1/#comment-275301</link>

		<dc:creator><![CDATA[jcs]]></dc:creator>
		<pubDate>Mon, 15 Sep 2014 19:15:53 +0000</pubDate>
		<guid isPermaLink="false">http://www.dragonflydigest.com/?p=14764#comment-275301</guid>

					<description><![CDATA[I have a few certs through ssls.com who resell other big providers&#039; certs so there is good client compatibility with them.  $5/year, easy to register and renew.]]></description>
			<content:encoded><![CDATA[<p>I have a few certs through ssls.com who resell other big providers&#8217; certs so there is good client compatibility with them.  $5/year, easy to register and renew.</p>
]]></content:encoded>
		
			</item>
		<item>
		<title>
		By: odc		</title>
		<link>https://www.dragonflydigest.com/2014/09/15/certificate-opinions/comment-page-1/#comment-275300</link>

		<dc:creator><![CDATA[odc]]></dc:creator>
		<pubDate>Mon, 15 Sep 2014 19:13:05 +0000</pubDate>
		<guid isPermaLink="false">http://www.dragonflydigest.com/?p=14764#comment-275300</guid>

					<description><![CDATA[The least expensive &quot;serious&quot; certificate provider I found is namecheap.com. They provide Comodo certificates. No complains, except the lack of documentation for newbies.]]></description>
			<content:encoded><![CDATA[<p>The least expensive &#8220;serious&#8221; certificate provider I found is namecheap.com. They provide Comodo certificates. No complains, except the lack of documentation for newbies.</p>
]]></content:encoded>
		
			</item>
		<item>
		<title>
		By: M?rcis		</title>
		<link>https://www.dragonflydigest.com/2014/09/15/certificate-opinions/comment-page-1/#comment-275254</link>

		<dc:creator><![CDATA[M?rcis]]></dc:creator>
		<pubDate>Mon, 15 Sep 2014 18:01:01 +0000</pubDate>
		<guid isPermaLink="false">http://www.dragonflydigest.com/?p=14764#comment-275254</guid>

					<description><![CDATA[Last time I needed to have certificate, signed by &quot;popular&quot; (i.e. likely to be shiped with most browsers/OSes) I used free certificate from StartSSL, but then again, this was not serious. Their Free certificate only guarantees, that they have remotely validated Your control over FQDN You want to sign.]]></description>
			<content:encoded><![CDATA[<p>Last time I needed to have certificate, signed by &#8220;popular&#8221; (i.e. likely to be shiped with most browsers/OSes) I used free certificate from StartSSL, but then again, this was not serious. Their Free certificate only guarantees, that they have remotely validated Your control over FQDN You want to sign.</p>
]]></content:encoded>
		
			</item>
		<item>
		<title>
		By: jungle		</title>
		<link>https://www.dragonflydigest.com/2014/09/15/certificate-opinions/comment-page-1/#comment-275239</link>

		<dc:creator><![CDATA[jungle]]></dc:creator>
		<pubDate>Mon, 15 Sep 2014 17:31:52 +0000</pubDate>
		<guid isPermaLink="false">http://www.dragonflydigest.com/?p=14764#comment-275239</guid>

					<description><![CDATA[Hello Justin,

I recommend namecheap.com

I was like you--clueless about a good TLS provider but I took the recommendation based on this great article:
https://calomel.org/nginx.html

It was very easy to revoke the certs to reissue as ECDSA and reistall. Namecheap suppot two factor auth, too.

My certs were only $10 annually.

Where ever you go, be sure to get SHA256 certs and check out:
https://www.feistyduck.com/books/bulletproof-ssl-and-tls/
https://twitter.com/ivanristic

Best of luck,
Jungle]]></description>
			<content:encoded><![CDATA[<p>Hello Justin,</p>
<p>I recommend namecheap.com</p>
<p>I was like you&#8211;clueless about a good TLS provider but I took the recommendation based on this great article:<br />
<a href="https://calomel.org/nginx.html" rel="nofollow ugc">https://calomel.org/nginx.html</a></p>
<p>It was very easy to revoke the certs to reissue as ECDSA and reistall. Namecheap suppot two factor auth, too.</p>
<p>My certs were only $10 annually.</p>
<p>Where ever you go, be sure to get SHA256 certs and check out:<br />
<a href="https://www.feistyduck.com/books/bulletproof-ssl-and-tls/" rel="nofollow ugc">https://www.feistyduck.com/books/bulletproof-ssl-and-tls/</a><br />
<a href="https://twitter.com/ivanristic" rel="nofollow ugc">https://twitter.com/ivanristic</a></p>
<p>Best of luck,<br />
Jungle</p>
]]></content:encoded>
		
			</item>
	</channel>
</rss>
