New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Comments
I struggled with that aswell when I used StartSSL in the past. But then I came up with an idea which worked nicely. When requesting a certificate, do it like that:
1) Add example.com
2) Add crtXXX.example.com as a subdomain, XXX can be an increasing number, random hex string or whatever (gonna be the CN)
3) Now add your needed domains/subdomains
The admins confirmed me that they are perfectly fine with that. That way you can easily create new certificates without CN clashes. And the CN doesn't really matter anyways, so nothing speaks against using that technique. Examples:
Certificate: CN=crt001.example.com, SAN=example.com,banana.example.com
Certificate: CN=crt002.example.com, SAN=example.com,banana.example.com,papaya.example.com
...
@NeoXiD wait you can add subdomains with free startssl cert? o_o
@asf any idea what the price is without the discount? for when renewing?
just saw the big ass 80% discount marker on top. So ~55 for renewing.
Fidde mentioned Class 2, my answer was related to that. Sorry to disappoint you. If you trust those guys though, the money is well worth it - SMIME cert, Code Signing cert, unlimited SAN/wildcard... Nowhere as cheap as they offer and no risk of revocation like when using shady AlphaSSL resellers or such.
@NeoXiD o soz my comp is stuttering because i am converting something thx
@Nihim single domain one ~23.5EUR and wildcard ~59EUR...
How is Certum compared to Comodo? Same same but different?
I always tried with *.domain as the main CN and that's why I thought I didn't work. Thanks for sharing!
Seems like a really stupid restriction (and adds huge confusion) then as the only difference is that the main CN says cert001...
Maybe going to stop paying Singlehop and only use StartSSL instead, ~$300 saved per year could be used for something more fun AlphaSSL (Globalsign) does however look nicer when inspecting the cert than "StartSSL" from "Israel" for $300 I could register a business and buy a EV Just cause it looks so sexy
EDIT: Another thing is that your personal info is present in StartSSL certs, the name, City and Email used for verification, gosh let's hope Letsencrypt fixes all my insignificant problems or makes other CA's lower their prices :P
That's mostly server configuration, but even if fixed Chrome will keep flagging the site's connection as not fully secure since the root certificate is weak (yellow warning triangle next to the address bar).
I remember one time my name showed up in the cert, but not anymore, at least not for any of my current startssl certs.
Class 1 only contains email(?) and CN as far as I know but the Class 2 I issued today contains name, location and email.
Yea email & CN it is.
I never got class 2, not sure about that part. Back in the days class 1 had some personal info in there but later it was gone and I was using that for my personal domain until recently got a free wildcard ssl. Will see how that goes, might need to go back for the "swiss army knife".
Got 1 revoked as well. It was from Sync Serve. Already asked for a refund...
I'm thanking myself to have not setup the "Strict-Transport-Security'.
Any of you tried or could get the AlphaSSL seal working on your page? It never worked to me.
Can you share a URL which has this problem? Because the nazwa.pl website itself is using a Certum certificate and the bar looks very green if you ask me, on latest Chrome.
That was actually the business before SingleHop started revoking all the certificates out of their network (as they always said they would).
I can do Comodo PositiveSSL Wildcard for $49.99 and I hope I am viewed as trustworthy
https://hostigation.com/billing/cart.php?a=add&pid=98
That's correct, one cert for 2 domains.
Ha! Understatement! :-)
Who said ssls.com sells AlphaSSL certiicate? I recently checked and it is not selling. If you want AlphaSSL wildcard certificate then after hostmybytes.com, http://www.cheapsslcouponcode.com/store/alphassl.com will be the best option to get highest discount price for aphassl products.
I'm not sure what to think
Was all the revoked certificates an error
A short question:
Does this certificate include 2 (like the cheapsslshop.com offer) or 1 domains for wildcard SSL? I really like your 3-year price!
//Edit: Who are these cheapsslshop.com guys anyway? Private Whois, no company information on their site... Normally not my cup of tea...
Does this certificate include 2 (like the cheapsslshop.com offer) or 1 domains for wildcard SSL? I really like your 3-year price!
Just a single domain, but there are other comodo positive SSL certs that will work for 3 domains
>
How much are those or are they not part of your portfolio?
The multi-domain costs me more than I can offer the wildcard, and the multi-domain wildcard is more than 3x more costly.
There is no bargaining room while offering legit certs unfortunatly
That's why I tend to be more than reluctant with offers like the cheapsslshop.com one above. Something smells wrong about all this. I guess I will order one of your Wildcard SSLs then! Just for final clarification (I never dealt with Wildcard SSLs) - the subdomains can be hosted on different servers than the domain itself, right?
Natural curiosity... so here is what I found:
There is a domain thesslshop.com which redirects to cheapsslshop.com. While thesslshop.com also uses private whois and DNS servers from name.com, its A record points to another direction: 108.168.230.142. That's from a Softlayer customer IP block. According to rwhois, Softlayer identifies the customer as ClickSSL.
Could it be this https://www.clickssl.com/?
Analyzing the HTTP sources of clickssl.com and cheapsslshop.com reveals some interesting similarities.
both sites use an identical piece of inline JS code to handle the mobile navbar.
both sites have the same JS tracking code at the end of each page. One from Google, and at the very end of each page source, one from StatCounter.
ClickSSL has the following contact address:
40 E Main Street, Suite 1002, Newark, DE 19711, US
Registrant of ClickSSL.com is a typical, non-descriptive Delaware company called MozeWeb LLC:
http://www.delwarecorporates.com/corp/82358.html
According to Linkedin, some of the "people" who work at ClickSSL:
https://www.linkedin.com/in/abelwike
https://www.linkedin.com/in/sophieperrone
https://www.linkedin.com/in/sslcertificate
https://www.linkedin.com/in/jaydan
I don't have the time to look into the list of employees; fortunately someone already did: http://lockboxx.blogspot.ch/2014_07_01_archive.html
Anyhow, it's pretty clear that there is a connection between cheapsslshop.com and clickssl.com. One more thing. The Softlayer customer "ClickSSL" has the IP block 108.168.230.140 to 108.168.230.143. Let's see where 108.168.230.140 leads us to:
http://108.168.230.140 -> https://my.getanssl.com/
Who is the registrant of getanssl.com?
Defaultech Limited, Vas. Sofias and Mesogeion 2, Athens, 11527, Greece
According to http://www.getanssl.com, Defaultech Ltd's contact address is actually in Cyprus:
Defaultech Limited, 25th March 7, Nicosia, Cyprus
This, btw, is the address of a tax advisor who helps establish companies in Cyprus (http://www.cytax.eu/).
A company affiliated with Defaultech (and with the same phone number) who frequently appears in this context is:
ez4u, Ioanni Psihari 29, Heraklion, Crete 71305, Greece
Website: http://www.ez4u.gr (fwiw they have a link to http://www.getanssl.com on their page).
It's all circumstantial, of course, but it appears that these are the folks who are behind cheapsslshop.com, clickssl.com & co, and for whatever reasons, they don't want to show their affiliation.
Someone's got quite a lot of time on their hands.
Remind me everyone week not to piss you off.
Thank you for the research, @zeitgeist!