New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Comments
Ya, Fix'd.
@jeromeza - I had one of those too. They just refunded both the unused and the revoked cert.
I really can't ask for more considering most of us understood what they were selling in the first place.
centriohost was an a-hole about it accusing everyone of abuse. Tyler is acting more reasonable.
Seems that syncserve alphassl certificates have also been revoked.
See: https://ssldecoder.org/?host=melted.pw:62.210.115.102&port=443&ciphersuites=0
https://ssldecoder.org/?host=cd0.us:62.210.115.102&port=443&ciphersuites=0
Got mine from a different AlphaSSL reseller and it's not revoked... yet. Hopefully it stays like that, I don't want to have to deal with that Israeli company again. (Not in a racist way, in a "i-dont-want-to-send-all-my-documents-which-would-totally-make-identity-theft-possible" way). And there's not many other options, as I need wildcard certificates.
@NeoXiD However, the cert of your domain in the signature is not valid...
Edit: Oh, the problem is a CN mismatch, not any revocation.
We'll also be refunding all the customers but we're waiting for an update. Hopefully, we won't have to choose that way.
Which Israeli company?
What about vmbox.co? IIRC they use singlehop as well and provide free Wildcard SSL's which can be used externally.
StartSSL is from israel.
StartSSL. I would be very vary to send my data to any company in Israel though considering any gov agency can just confiscate that data and use it as they want (like, for Mossad and so on...)
Exactly what @patrick7 said, StartSSL is from Israel. And all documents you send to them (and they require uncensored documents) are stored for atleast 7 years. Don't feel comfortable doing so.
@patrick7: Yes, I know, working on that page right now, DNS still points to the wrong server. Service itself is up, just not the webpage.
EDIT: To sum it up, exactly what @William said.
Quelle surprise! Seriously - at least this will stop all of them providers who are selling SH Certs . Mine haven't been revoked though - but most of them are used on the SH Network
Is it any different than sending your information to Comodo or GeoTrust?
Yes - NSA and CIA (among the other 10+ US agencies) are not known to use local data for forged passports, while this is a common tactic for Mossad and Shabak/Shin Bet.
So where can the regular peasant such as myself go for valid ssl certificates? No resellers, just the source. And why are wildcard certificates so damn expensive?
It's not like the issuer needs huge computing power to generate kbytes of data.
Comodo doesn't need you to send photo copy of your ID to them.
All I want to do is to get rid of the scary warning in the browser. Browser vendors must earn a good money from this business.
Wildcards are so expensive because they want to make (a lot of) money. There is no technical reason.
https://letsencrypt.org/2015/08/07/updated-lets-encrypt-launch-schedule.html
Looks like this week LetsEncrypt will start releasing their free SSLs.
Are they supported by major browsers? It's interesting should major browsers trust them and put their root certs into the browsers, are the browser vendors going to lose all the money from selling certs?
WoSign
Because cartel
Do you REALLY need wildcard, though? It looks silly, first you pretend to be a clueless user who "just wants the scary warning to go away", and then you absolutely must have a wildcard assuming you have a cluster of several dozens of servers, and with their names not even known in advance. What's your usage and how/what for do you use all those subdomains?
Check out their FAQ.
Will certificates from Let’s Encrypt be trusted by my browser?
The short answer is “yes”.
The long answer is that our issuing intermediates will be cross-signed by a widely trusted IdenTrust root (DST Root CA X3). This will allow our certificates to be trusted while we work on propagating our own root. Please see https://letsencrypt.org/2015/06/04/isrg-ca-certs.html59 for more information about the Let's Encrypt intermediate CA.
Yes, I need wildcard, all my servers at least have a web interface. I don't like to see the scary warning anywhere. This probably is my OCD. I see the HTTPS/SSL/TLS serving two purposes, but I have the feeling the browser vendors deliberately blurred the boundary. One is encryption, the other one is authentication. Encryption is necessary, but most of the time, I don't care authentication, especially when my servers talk to each other internally.
If it's just for your own use (non-public), then you could just go with https://www.cacert.org/, free wildcard certs with 6 month validity, just install their root cert into browsers/OSes on your machines.
I see, well I felt my sense of conspiracy strong at the time of asking my question, but I didn't want to reach such conclusions without asking clueless question in the first place!
Thanks for the answer.
Thanks for that option. It's mostly for my company wide use, installing their root cert company wide is still acceptable.
Though if it really is just personal/internal use, you can just roll your own CA and sign certs. One can even use something like EasyRSA to make it simpler.
That's still more work than just using CACert (not to mention way more ghetto), besides by using them you support their cause (in a way), so hopefully some time in a distant future they will finally succeed in getting included into all browsers/etc by default.
Yay, it looks very promising https://letsencrypt.org/howitworks
Not being funny but why are some people here saying they are using singlehop's free ssls? Is there any proof that they have or is it just gossip? If it's just random gossip why are you spreading crap?