[Ldsoss] SSL Certificates

Mac Newbold mac at macnewbold.com
Wed Sep 13 03:41:46 EDT 2006 

Yesterday at 11:04pm, Kevin Wise said:

> Does anybody know of an inexpensive (free would be good) alternative for SSL 
> server certificates?

> I'm hoping someone out there knows of a way to get a certificate signed by an 
> authority that is already trusted by most browsers, without having to pay 
> Verisign or Thawte several hundred dollars a year.

Because of the costs involved in running a certificate authority that is 
trustworthy, I don't know of any place that will do it for free, though you may 
be right about the non-profit thing though I've never seen a discount offered. 
For a CA to get trusted as a root in all the browsers, they've got to be 
reputable and do some validation of the info you submit before they sign a cert 
for you. It wouldn't do any good if anyone could go out and buy a cert that 
says www.paypal.com or something and have it be trusted by everyone. Many of 
the cheap places automate the process as much as possible, which is part of 
what lets them do it inexpensively.

> Some kind of non-profit exemption might do the trick, or perhaps someone who 
> has set up free infrastructure to do the job.  The solution to this 
> particular problem need not be open source, so if anyone knows of a better 
> source for this info, please let me know.

There are quite a few inexpensive places to get certificates signed. Richard 
already mentioned GoDaddy for about $20/year. I've never used them. I have used 
RapidSSL.com, InstantSSL.com, and FlexiSSL.com all with good results. I think 
the ones I've been getting lately have been about $24/year with FlexiSSL, with 
further discounts for multi-year orders. They also had a "competitive upgrade" 
deal where you could renew a cert from another provider for free for a year or 
something like that, or maybe it was buy one year get one free. GoDaddy might 
have some deals that bundle SSL with hosting and/or domain name registration 
too. I don't think any of the other SSL providers offer other services like 
hosting though. (Any cert you buy should be able to be hosted anywhere though.)

Almost any SSL cert that is signed by a trusted root will work just fine for 
your purposes. Be aware that "chained" certificates often come with more 
installation headaches (depends a lot on your hosting provider), but the cheap 
ones from flexissl aren't chained. The other consideration is if you (or your 
client, or your end users, or whoever matters) will want a "site seal" or 
something like that to paste on your page and let people verify that you're 
secure. Some of the cheap ones don't come with much in that regard, and 
sometimes you can buy it cheaply as an add-on if you want it. Some of them have 
different levels of seals too. If you don't care much about what it says, just 
make up your own image/logo that says your site is secure, and you'll get about 
the same thing.

Depending on your application, some hosting providers have a valid secure cert 
you can use for your stuff as long as you don't mind the URL including their 
domain name. Some place does something like 
https://www.securesites.net/yoursite/ but I don't remember who right now. That 
would be a way to do trusted SSL without paying an extra dime, but if you want 
your own domain name in there, it isn't an option.

Thanks,
Mac

--
Mac Newbold			Code Greene, LLC
 				1440 S. Foothill Dr. Suite #250
Office:	801-438-0142		Salt Lake City, UT  84108
Cell:	801-694-6334		www.codegreene.com

More information about the Ldsoss mailing list