Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Sign In Register

Quick Links


Categories

In this Discussion

AlphaSSL certificates bought from hostmybytes revoked - Page 6
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

AlphaSSL certificates bought from hostmybytes revoked

12346»

Comments

  • zeitgeistzeitgeist Member

    @angrysnarl said:
    Someone's got quite a lot of time on their hands. ;)

    Got the flu. :(

    Thanked by 1rokok
  • miTgiBmiTgiB Member

    Amitz said: I guess I will order one of your Wildcard SSLs then! Just for final clarification (I never dealt with Wildcard SSLs) - the subdomains can be hosted on different servers than the domain itself, right?

    Yes, with a wildcard, you can use the certificate on as many servers as are within the *.domain.com realm. Simply generate your CSR for *.domain.com (or whatever domain you need the cert for) and once you have completed the approval domain validation emails the cert and bundle will be in your account, so easy retrieval for as long as I remain in business. So standard disclaimer, I could drop dead tomorrow, but I am not the one man show everyone thinks I am either.

    Thanked by 1Amitz
  • AmitzAmitz Member
    edited September 2015

    @miTgiB I always thought that I could contact the issuing authority (like Comodo in this case) for a re-issue in case that the reseller disappears for any reason. So it isn't like that?

  • bobbybobby Member

    Really, what do you expect when paying peanuts to clowns for something that usually cost a lot more?

    Thanked by 1Francisco
  • NihimNihim Member

    Just a heads up: https://www.nazwa.pl/certyfikaty-ssl/
    asked me to send them ID photocopy etc when I created a new account.

  • miTgiBmiTgiB Member

    @Amitz said:
    miTgiB I always thought that I could contact the issuing authority (like Comodo in this case) for a re-issue in case that the reseller disappears for any reason. So it isn't like that?

    That would seem reasonable I will have to look if true

    Thanked by 1Amitz
  • AmitzAmitz Member

    @miTgiB said:
    That would seem reasonable I will have to look if true

    Not that I know this as a fact - I was just always assuming that there had to be a way like that. I am very much looking forward to what you find out!

  • miTgiBmiTgiB Member

    Amitz said: Not that I know this as a fact - I was just always assuming that there had to be a way like that. I am very much looking forward to what you find out!

    Nothing in the wiki from the reseller I am using, but I will see what I can find upstream

    Thanked by 1Amitz
  • 4n0nx4n0nx Member

    bobby said: Really, what do you expect when paying peanuts to clowns for something that usually cost a lot more?

    Are you saying you would call $50 an appropriate price for a certificate that requires no human interaction nor effort whatsoever?

    Thanked by 2NeoXiD elgs
  • QuadraNet_AdamQuadraNet_Adam Member
    edited September 2015

    Fidde said: I'm not sure what to think :o

    Was all the revoked certificates an error :o

    @HostMyBytes

    Can you confirm whether HostMyBytes will be offering SSL's again or not since SingleHop mentioned to @Fidde that this was an issue on the SSL issuer's end, and not revoked for abuse?

  • FiddeFidde Member

    QuadraNet_Adam said: @HostMyBytes

    Can you confirm whether HostMyBytes will be offering SSL's again or not since SingleHop mentioned to @Fidde that this was an issue on the SSL issuer's end, and not revoked for abuse?

    I don't think and hope that they won't revoke more certs. Not all of my certs were revoked and not a single one is used within their network. Even a cert issued <30 days was revoked. I'll just have to issue a few new certs to replace the old ones and see if the old and new are revoked.

  • wwwcomwwwcom Member

    So in summary the cheapest legit, low-hassle wildcard SSL cert available is $40/year ?

    Unless you want to fax your personal info to either Poland (nazwa) or Israel (StartSSL) and get your location/email embedded in the cert?

    Or use the chinese issuer (WoSign) with long ocsp delay for a 10 subdomain cert?

    Did I miss anything?

    Surprised there aren't more SSL issuers, it seems like a license to print money.

    People have also mentioned using the free cloudflare certificates but I don't see how you could do that without routing all your traffic through their servers, unless I am missing something.

  • zeitgeistzeitgeist Member

    Or use the chinese issuer (WoSign) with long ocsp delay for a 10 subdomain cert?

    You could prevent the delay for your visitors by implementing ocsp stabling and caching the ocsp response.

    Thanked by 1asf
  • rm_rm_ IPv6 Advocate, Veteran
    edited September 2015

    wwwcom said: long ocsp delay

    zeitgeist said: the delay

    What long delay? Stop repeating this silly scarecrow myth. Testing from Paris, France:

    # time curl -s http://crls2.wosign.cn/ca2g2-server1-free.crl > /dev/null

real    0m0.084s
user    0m0.012s
sys 0m0.016s

# host crls2.wosign.cn
crls2.wosign.cn is an alias for os.wosign.awsr53.qihucdn.com.
os.wosign.awsr53.qihucdn.com has address 54.154.148.49
os.wosign.awsr53.qihucdn.com has address 54.229.101.94

# ping crls2.wosign.cn
PING os.wosign.awsr53.qihucdn.com (54.229.101.94) 56(84) bytes of data.
64 bytes from ec2-54-229-101-94.eu-west-1.compute.amazonaws.com (54.229.101.94): icmp_req=1 ttl=52 time=17.4 ms
64 bytes from ec2-54-229-101-94.eu-west-1.compute.amazonaws.com (54.229.101.94): icmp_req=2 ttl=52 time=17.1 ms
64 bytes from ec2-54-229-101-94.eu-west-1.compute.amazonaws.com (54.229.101.94): icmp_req=3 ttl=52 time=17.1 ms
64 bytes from ec2-54-229-101-94.eu-west-1.compute.amazonaws.com (54.229.101.94): icmp_req=4 ttl=52 time=17.2 ms
^C
--- os.wosign.awsr53.qihucdn.com ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3003ms
rtt min/avg/max/mdev = 17.139/17.222/17.400/0.140 ms
  • zeitgeistzeitgeist Member

    rm_ said: What long delay? Stop repeating this silly scarecrow myth. Testing from Paris, France:

    My, aren't we friendly? Since you added me in your quote... I didn't spread any myths. OCSP stabling works with any SSL cert provider to reduce delays when checking for the revocation status.

  • tommytommy Member

    WOSIGN OCSP already using CDN.

    test from various location

    PING os.wosign.awsr53.qihucdn.com (54.254.249.27) 56(84) bytes of data.
64 bytes from ec2-54-254-249-27.ap-southeast-1.compute.amazonaws.com (54.254.249.27): icmp_seq=1 ttl=55 time=18.9 ms
64 bytes from ec2-54-254-249-27.ap-southeast-1.compute.amazonaws.com (54.254.249.27): icmp_seq=2 ttl=55 time=2.19 ms
64 bytes from ec2-54-254-249-27.ap-southeast-1.compute.amazonaws.com (54.254.249.27): icmp_seq=3 ttl=55 time=2.20 ms
64 bytes from ec2-54-254-249-27.ap-southeast-1.compute.amazonaws.com (54.254.249.27): icmp_seq=4 ttl=55 time=2.35 ms

PING os.wosign.awsr53.qihucdn.com (52.76.19.134) 56(84) bytes of data.
64 bytes from ec2-52-76-19-134.ap-southeast-1.compute.amazonaws.com (52.76.19.134): icmp_req=1 ttl=52 time=69.4 ms
64 bytes from ec2-52-76-19-134.ap-southeast-1.compute.amazonaws.com (52.76.19.134): icmp_req=2 ttl=52 time=69.3 ms
64 bytes from ec2-52-76-19-134.ap-southeast-1.compute.amazonaws.com (52.76.19.134): icmp_req=3 ttl=52 time=69.4 ms

PING os.wosign.awsr53.qihucdn.com (54.229.101.94) 56(84) bytes of data.
64 bytes from ec2-54-229-101-94.eu-west-1.compute.amazonaws.com (54.229.101.94): icmp_req=1 ttl=52 time=17.0 ms
64 bytes from ec2-54-229-101-94.eu-west-1.compute.amazonaws.com (54.229.101.94): icmp_req=2 ttl=52 time=17.0 ms
64 bytes from ec2-54-229-101-94.eu-west-1.compute.amazonaws.com (54.229.101.94): icmp_req=3 ttl=52 time=17.0 ms
64 bytes from ec2-54-229-101-94.eu-west-1.compute.amazonaws.com (54.229.101.94): icmp_req=4 ttl=52 time=17.1 ms

PING os.wosign.awsr53.qihucdn.com (54.229.101.94) 56(84) bytes of data.
64 bytes from ec2-54-229-101-94.eu-west-1.compute.amazonaws.com (54.229.101.94): icmp_req=1 ttl=50 time=55.2 ms
64 bytes from ec2-54-229-101-94.eu-west-1.compute.amazonaws.com (54.229.101.94): icmp_req=2 ttl=50 time=55.2 ms
64 bytes from ec2-54-229-101-94.eu-west-1.compute.amazonaws.com (54.229.101.94): icmp_req=3 ttl=50 time=55.2 ms
64 bytes from ec2-54-229-101-94.eu-west-1.compute.amazonaws.com (54.229.101.94): icmp_req=4 ttl=50 time=55.2 ms
    Thanked by 1rm_
  • wwwcomwwwcom Member

    China is letting one of their corporations use amazonaws? That won't last long.

    By the way, I found a report of China blocking all startssl certs from getting through a year or two ago.

  • pechspilzpechspilz Member
    edited September 2015

    @tommy said:
    WOSIGN OCSP already using CDN.

    Just found out this the other day as well. However, they seem to be banning entire network ranges from accessing their authoritative DNS servers. Which I think is a pretty lame move since what they're banning is most likely spoofed anyway. I had to disable OSCP stapling for a Wosign cert because of this.

  • WilliamWilliam Member

    wwwcom said: China is letting one of their corporations use amazonaws? That won't last long.

    Many Chinese corps use Amazon for foreign visitors.

  • elwebmasterelwebmaster Member

    WoSign is fine once you setup stapling on the server.

  • RhysRhys Member, Host Rep
    edited September 2015

    WoSign is working for me including stapling.

Sign In or Register to comment.