Mike Harrison cluon at geeklabs.com
Sun Jun 30 14:12:53 UTC 2013

On Fri, 28 Jun 2013, wes wrote:
> I use StartCom's StartSSL. It's a little cumbersome at first because they do things so much differently, but once you get past the learning
> curve it's actually quite nice. For wildcard certs you have to pay around $100 in fees to verify yourself for each company shown in the
> Registrant of each domain's whois info.


I gotta admit, I like their business model and general cluefulness.  My 
issue is using a chained certificate. Their Apache configs clearly show:

    SSLCertificateChainFile /usr/local/apache/conf/sub.class1.server.ca.pem
    SSLCACertificateFile /usr/local/apache/conf/ca.pem

Which is what breaks people I'm trying to interface with using very 
limited development environments and average developers using Java/J2EE,
.NET, C#, etc., and sometimes weird proxy servers.

Their https://www.startssl.com website and certificates are working well 
in Firefox and Chrome on Linux and Android. When I dig in, I see that 
their core Certificate Authority as StartCom is a "Built in object token",
i.e. built into the browser's core CA deck. And then they chain off of it.

Have you or anyone else used them as a CA for more than standard web 
browser stuff (i.e. API integration)?
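
Added example, not part of the original message: an offline check of how a client that trusts only a root CA handles a server certificate issued by an intermediate, with and without the intermediate being supplied (the job of the SSLCertificateChainFile line above). It assumes the openssl command-line tool is installed; the CA and host names are constructed for the demo.

```shell
#!/bin/sh
# Constructed demo: a throwaway root -> intermediate -> leaf chain; every name is made up.
chain_demo() {
    d=$(mktemp -d) || return 2
    (
        cd "$d" || exit 2
        printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > ca.ext
        # One key and CSR per certificate in the chain.
        for n in root sub leaf; do
            openssl req -new -newkey rsa:2048 -nodes -keyout "$n.key" \
                -out "$n.csr" -subj "/CN=demo-$n.example.test" >/dev/null 2>&1 || exit 2
        done
        # Root: self-signed, stands in for the CA built into the client's trust store.
        openssl x509 -req -in root.csr -signkey root.key -extfile ca.ext \
            -days 2 -out root.pem >/dev/null 2>&1 || exit 2
        # Intermediate: signed by the root, plays the role of sub.class1.server.ca.pem.
        openssl x509 -req -in sub.csr -CA root.pem -CAkey root.key -CAcreateserial \
            -extfile ca.ext -days 2 -out sub.pem >/dev/null 2>&1 || exit 2
        # Leaf (server certificate): signed by the intermediate, not by the root.
        openssl x509 -req -in leaf.csr -CA sub.pem -CAkey sub.key -CAcreateserial \
            -days 2 -out leaf.pem >/dev/null 2>&1 || exit 2

        # Client that knows only the root and is handed only the leaf.
        if openssl verify -CAfile root.pem leaf.pem >/dev/null 2>&1
        then root_only=OK; else root_only=FAIL; fi
        # Same client, but the intermediate is supplied alongside the leaf.
        if openssl verify -CAfile root.pem -untrusted sub.pem leaf.pem >/dev/null 2>&1
        then with_chain=OK; else with_chain=FAIL; fi
        echo "root_only=$root_only with_chain=$with_chain"
    )
    rc=$?
    rm -rf "$d"
    return $rc
}

chain_demo
```

Against a live server, `openssl s_client -connect host:443 -showcerts` lists the certificates the server actually sends, which shows whether the intermediate is included.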


