[Chugalug] StartSSL.com Rocks - Thanks Wes

Stephen Kraus ub3ratl4sf00 at gmail.com
Fri Aug 23 13:47:49 UTC 2013


Nice! I've been needing a cheaper SSL source!
On Aug 23, 2013 9:44 AM, "Mike Harrison" <cluon at geeklabs.com> wrote:

>
> Back in June, Wes mentioned StartSSL  (http://www.startssl.com)
> as an alternative to the big SSL providers, with a very different
> methodology, but good SSL certs for Apache, Linux
> (and probably everything else).
>
> Wow, what a difference. First, ignore that their website is a little dated
> looking and not over-designed with bullshit adverts and add-ons. Their
> founder Eddy Nigg is a nut, but the right kind of nut.
>
> You get started by creating and SSL Client cert that gets installed iin
> your browser which acts as your "key" to your account and then go through
> steps to verify an email address or two. The typical: they send you a
> token, you paste it back into the website type of things.
>
> Then it gets interesting, if you want "Class 2" verification, which allows
> you to create "Class 2" SSL Certificates, which are standard SSL
> Certificates used for normal web SSL encryption, you have to get confirmed
> that you are who you say you are. This required me to swallow hard because
> they wanted scans of my Passport and Drivers License.
> I checked them out for a few days online, no scam complaints... crazy
> nutcases saying they trusted them... so I did it. An actual human sent
> emails asking for a scan of a phone bill with my address on it.
> I'm prepaid with T-Mobile, which works for me and I don't get bills.
> They didn't accept the screen shots of my T-Mobile account.
>
> This led to a couple more actual human clueful emails and they ended up
> sending me, via registered mail, from Israel, a letter with a token in it
> for address verification. This took a few days to receive, but I was
> impressed that they were going through such steps.
>
> Since then, I've issued wildcard and host specific SSL certs for 3
> domains, including https://www.geeklabs.com (if you want to check out the
> SSL Cert)
>
> I've paid them $59.90 USD so far. I feel guilty. I'm used to paying much
> more to entities that have much less of a clue who is behind the
> certificate request. That actual intelligent humans responded to emails had
> me spinning my head around. Hence this writeup. I hope ya'll consider them
> for your needs also.
>
> So far, everything I have thrown at them seems to work well. PHP, Curl,
> even Java..(Gasp!)
>
> We are starting the process for the Extended Validation Certs. They want a
> lot of paperwork/proof for these, but they are less than $200 for something
> Verisign dumps you into a pricing wizard to calculate a 4+ digit number
> for, and probably has less idea who is behind the certificate. Important
> step for something taking payments for utilities.
>
> Issues:
>
> Firefox does a database lookup on SSL Certs that may take a hours to a day
> to recognize a freshly issued/installed SSL Certificate that Chrome, Safari
> and MSIE do not do by default. I'm suggesting that if this is critical is
> to issue the SSL Cert on the system, but not install it for a few hours. It
> works great once it is in the "OCSP" system.
>
> http://en.wikipedia.org/wiki/**Online_Certificate_Status_**Protocol<http://en.wikipedia.org/wiki/Online_Certificate_Status_Protocol>Firefox
>
> Firefox has this feature "on" by default.
>
> Extras:
>
> You can create a certificates valid for multiple hosts, including
> wildcards at the same time easily. Excellent workflow interfaces for this
> process.
>
> I ended up with an OpenID address of:   https://meuon.startssl.com
> which is interesting, but I have not used it yet.
>
> I'm trying to get "Web of Trust" Notary status.. I like the concept
> and maybe can be of service verifying others. This requires me being
> verified by two other WoT Notaries, which will take some travel
> as the closest are Atlanta and Nashville.
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> ______________________________**_________________
> Chugalug mailing list
> Chugalug at chugalug.org
> http://chugalug.org/cgi-bin/**mailman/listinfo/chugalug<http://chugalug.org/cgi-bin/mailman/listinfo/chugalug>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://chugalug.org/pipermail/chugalug/attachments/20130823/3488382a/attachment.html>


More information about the Chugalug mailing list