New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
WoSign do NOT provide free SAN/UCC certificates anymore
https://freessl.wosign.com/1138.html
as what they said in this passage , "most of users applied cert for only one domains and 3% of orders are not for real using , the 3% orders made their systems unstandable " , so "in order to reduce the burden of system , one free cert will apply only for one domain and one year valid"
Why seems so kidding , they just reduced the number of domains that free cert could apply some days ago.......
Thanked by 1teknolaiz
Comments
Let's Encrypt is coming, don't cry...
if wosign apply cert only one domain and one year , i'd rather use StartSSL ... wtf ...
Lets' Encrypt should come near center of Nov.... still need to wait....
You are complaining on a very high level here, considering this was a free service...
Well, they already succeeded to get recognizable among their potential market, I guess they had planned it right in beginning.
Me sad
Wow, just yesterday I generated a 3-years multi-domain cert with them. Call me lucky.
Renewed mine for 3 years very recently too, when they reduced the limit to 10 domains. Guessed that something like this was going to happen (although I expected them to stop providing free certs entirely).
no, I just feeling amazing about how quick they changed..... they started to provide free SAN/UCC cert from the beginning of this year and this service last only 9 months
(they provide free single domain for one year valid before that too).
This is bullshit as it was automated. what was the difference for them to sign a cert witn 1 domain or 100 subdomain?
None. But yeah, i guess the free offer was making it difficult for them to sell their bigger packages...
Got mine not long ago but would have liked to add a subdomain... guess I'll have to wait to see what letsencrypt has to offer!
Smells like marketing strategy to me, as well.
I guess that's better than the previous smell which was 'The chinese government wants mah keyz'
Then again, I don't believe they'd ever get your keys?
They were too buggy for me to actually get through to the registration process, but most CAs just sign your certificate, without expecting to see your private key. So they'd not be a danger to their users in particular; at worst, they'd be a danger to the internet in general (through signing of 'rogue' certificates for stuff like MITM attacks or malware deployment).
@joepie91 I found their certification process rather easy and pleasant to use. Oh well, I am sad that they are no longer offering this free service. I am still not sure about their connection to StartSSL - perhaps the latter wasn't all to happy about the free 3-years SAN certificates? Or perhaps the service was abused by spammers/phishers using for a quick and free method to mass-certify malicious throwaway hosts?
I've expanded a bit more on my issues with WoSign here.
AFAIK there's no relation between WoSign and StartSSL. Marketing strategy is the most plausible theory I've seen so far.
If I'm not mistaken, StartSSL has cross-signed WoSign's root.
You are not mistaken, they indeed have cross signed it. At least on the one I have anyways.
Huh, strange. I thought WoSign were their own CA.
I revoke all the WoSign CAs a year ago...since I don't trust chinese much..
(with this: https://github.com/chengr28/RevokeChinaCerts )
And starting from a few months ago I was getting CERT REVOKED errors with many sites (even those outside China..)
Since I was thinking of trusting WoSign as an exemption, this is a good news..
BTW, I personally use StartSSL for free certs.
They are, but they're not included everywhere yet. Over the past year or so they've been added by Mozilla and Microsoft, but I think they're still waiting on Apple and Google.
They are, but they only got included in browses quite recently.
http://metadata.ftp-master.debian.org/changelogs//main/c/ca-certificates/ca-certificates_20141019_changelog
Just tried to renew my StartSSL certs these days just in case, but couldn't login into their panel with some CA error, and frankly fed up of having to bother with their cert authentication b/s. So I will keep using WoSign, even with their new free plan (1 domain 1 year), they are still better than StartSSL free.
No subdomain at all now or just www? StartSSL free has 1 subdomain you can choose..
I assumed it's just www, otherwise it'd be way too strange and uncommon.
With WoSign you can just create a few more certs for each subdomain that you need. Maybe will need to set up receiving mail on those to validate, though.
Well, startssl let you choose your subdomain.
Nice didn't know that. Not too bad. Thanks!
Seems to work with the main domain as validation - no need to do * MX or alike.
Yeah, it works with the main domain email addresses.
Not sure if there is a way to validate a subdomain when you don't control the domain though.