New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Extended Validation Certificates are Dead
I was feeling lucky that I got 5x EV SSL deal on Namecheap Cyber Monday.
But after reading this:
https://www.troyhunt.com/extended-validation-certificates-are-dead/
I was planning to get a green bar for several sites, now I am feeling like it's a waste of money.
Comments
In general, buying SSL certificates, is a waste of money.
Except maybe the time you need to burn for getting Wilcard to work on Lets encrypt.
Also, that Chrome is gonna remove it, its nothing new, and if they do it, a lot of people are going to follow mostly.
Hasn't it been a while since it became public knowledge that the green bar is gonna be dead?
I assumed the opposite would happen. Since it's easy and free to get TLS certificates, then to get a higher level of trustworthy, companies, like e-comm sites would have been pushed to get E.V. certs.
A company just says, that this is a valid ssl cert and issues you a signed one.
Thats all what they do, its automated, its a matter of seconds.
If the EV is gone, do you really gonna think the normal user will bother and click on it to see the details? Chrome even hides it, you need to open the developer terminal.
Oh! I always thought there were verficiations of the identity and things like that, to ensure the declared owner of the cert is legitimate.
Of course not. Average user do not pay attention to all of this. I am not even sure that people are really paying attention to HTTPS anymore.
https://stripe.ian.sh/
Here. More bad news for you
That was a very long but interesting read.
Wasn't the point of EV SSL defeated when it became apparent that some SSL companies had horrible verification process and anyone could get an EV to imitate big companies?
No, the point of EV SSL was more money for someone. Pretty sure some dude made millions off it.
Meanwhile, on LET, a jerk goes PMS for 0.54 cents.
Yeah besides the cost, EV certs generally required you to input your business into a database like Dun & Bradstreet, whose databases primarily exist to sell to cold callers etc, and do no real verification. All a big con.
Chrome you can just click on the Lock -> Certificate on the address bar.
Not really hidden..
Troy Hunt's articles are actually great. I've been a long time follower of both him and his buddy Scott Helme.
I also picked one up on the same offer. Oh well, I'm still going ahead with it.
Reminded me of Dewlance, he just got EV SSL earlier this year.
https://www.lowendtalk.com/discussion/138863/i-got-my-ev-ssl-after-1-month
I am still looking for a deal for an EV...
How much was the Namecheap promo if you don't mind my asking? I don't particularly want EV these days but am curious.
I read the article a few months ago and definitely agree.
We have a few sites on EV (which I think we pay $200/yr+ for each) but in ~Q2 next year we'll be moving away from them as browser highlights them less and less and it fucking ballache to renew with all the stupid D&B bullshit, phone calls, faxes. As an added benefit we then no longer need the $200/mo cloudflare subscription.
I think Comodo is usually around $70/y if you shop a little. I wondered if the Namecheap promo was a lot less than that.
They were $28.88 if you got the Black Friday/Cyber Monday coupon.
Right now Namecheap has them for $78.88...
https://www.namecheap.com/security/ssl-certificates/comodo/ev.aspx
$28.88.