New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Comments
Trusted everywhere where StartSSL is trusted. So pretty much all browsers. Only some old browsers might not trust it.
Rest depends on your config. Like ciphers and etc.
It's a perfect free SSL solution. Far away from the StartSSL private information BS.
this not best, the root CA is startssl, it's allways free.
Learn some (more) English please.
Yes, WoSign CA was cross signed by StartSSL. However WoSign out of the two currently available free SSL providers (Let's Encrypt has not started, yet. So not mentioned as 3rd) is the best because it does not ask you for any private information while StartSSL needs your private information such as name, address and etc. StartSSL is a Israeli company... Other good things about WoSign: a) certificates are issued quickly and fully automatically b) you can request unlimited certificates.
So whatever. I rather use StartSSL cross signed certificates from a Chinese company than having to provide my details to some Israeli company and go through a long process for a normal certificate. The security is not even a bit different and also the same setup.
I think we can agree that personal data in that case is worth more than $5 - $10 for a certificate.
I want the SMTP password
(I'm joking, but why not just get a cheap PositiveSSL (don't use it for production though and you'll be fine))
Why not for production?
When StartSSL asks for personal data? They only asked me to verify my email address for login and I can get free SSL from them without giving any personal detail.
You mean "why not just pay when you can get essentially the same product for free"? You must have too much money and/or no concern for them, maybe you don't earn yourself but parents give you an allowance.
I think you have to register with them again to get your memory refreshed regarding that. When you create an account you are asked to provide your personal information such as name, second name, full address, country and etc.. with phone number.
Sometimes you just need a memory refresh.
is providing above information really an issue?
I thought you have to submit your ID, driver license or something, every website on the internet is selling something will require you to input these details? But very few would ask you for submit ID to verify.
This can happen. They might temporarily close your account and ask for verification details such as a scan of your ID, drivers license or other documents.
This is fun to read https://danconnor.com/post/50f65364a0fd5fd1f7000001/avoid_startcom_startssl_like_the_plague_
In short it's not worth giving this information nowadays for a domain validated certificate. We're in a time where TLS starts to be adepted to all sites and not just to login pages, banks and etc. So these certs should be easily obtainable for the easiest task for safe and secure browsing with encryption.
EV SSL and etc is something different of course requires some kind of verifiction.
Meh. A self signed SHA-512 SSL certificate is as secure as any SSL certificate you can buy. Even more secure than most as they use SHA-256 mostly. So paying money for domain validated certs becomes slowly a thing of obsolence.
Yes and no. The CA system is broken, but you are giving up a layer of confirmation by using a self-signed certificate.
I don't even
I have something called "a job." Besides, PositiveSSL is fine for personal website or small business. At least PositiveSSL has $10,000 insurance - rather than a free WoSign certificate. I was just saying to not use WoSign for business use anyeay.
Yeah thanks I have no further questions to you.
Has any CA ever paid out insurance money?
Why is there any insurance offered anyway?
Anybody has successfully claimed any? How does the claim works?
For their class one certificates it's just an email address and normal name, address, phone number type stuff. Class 2 and up require you to verify with some more information
"some more information" can be even needed for the simple certificate if the guys at StartSSL simply think there is something wrong with you or whatever. So better always watch out.
Lol... Since when having an income means having to pay? If you are talking about free stuff either just stick to it or stfu, pretty please. If that's the case someone will with a higher income than you will popup and say buy X certs for $YY...
Also, from business to business it might differ. In many scenarios it is "Who cares if it's positive or start or wosign ssl"
You need to have valid proof of loss. Plus, you must prove that it was as a result of the CA's practices, not your bad SSL configuration or software vulnerabilities.
Yea, it is essentially useless.
What kind of proof?
This is impossible to proof as it is beyond our control.
So, I guess nobody has successfully claim any incident?
WoSign updates their free tier again, now in the direction of improvement, the free one instead of 1 year 1 domain only, now supports 5 domains and up to 2 years. -- https://buy.wosign.com/free/
But
So what?
If you add more than 5 domains then you'll pay anyway.
that's what i'm trying to say i love the new way how they implemented the free certification program
probably that's their way to react on let's encrypt gain of popularity...
nothing new at all, they do so since some weeks... ;-)
someone mentioned it somewhere here, hence I didn't post about after noticed.
I suppose you mean my comment here: http://www.lowendtalk.com/discussion/comment/1429157/#Comment_1429157