Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


WoSign do NOT provide free SAN/UCC certificates anymore
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

WoSign do NOT provide free SAN/UCC certificates anymore

cyxaaacyxaaa Member
edited September 2015 in General

https://freessl.wosign.com/1138.html

as what they said in this passage , "most of users applied cert for only one domains and 3% of orders are not for real using , the 3% orders made their systems unstandable " , so "in order to reduce the burden of system , one free cert will apply only for one domain and one year valid"

Why seems so kidding , they just reduced the number of domains that free cert could apply some days ago.......

Thanked by 1teknolaiz

Comments

  • FrecyboyFrecyboy Member
    edited September 2015

    Let's Encrypt is coming, don't cry...

  • @Frecyboy said:
    Let's Encrypt is coming, don't cry...

    if wosign apply cert only one domain and one year , i'd rather use StartSSL ... wtf ...
    Lets' Encrypt should come near center of Nov.... still need to wait....

  • cyxaaa said: Why seems so kidding , they just reduced the number of domains that free cert could apply some days ago.......

    You are complaining on a very high level here, considering this was a free service...

    Thanked by 1MikePT
  • SaahibSaahib Host Rep, Veteran

    Well, they already succeeded to get recognizable among their potential market, I guess they had planned it right in beginning.

  • Me sad :(

  • Wow, just yesterday I generated a 3-years multi-domain cert with them. Call me lucky.

    Thanked by 2rm_ scy
  • rm_rm_ IPv6 Advocate, Veteran

    Renewed mine for 3 years very recently too, when they reduced the limit to 10 domains. Guessed that something like this was going to happen (although I expected them to stop providing free certs entirely).

  • @William said:
    You are complaining on a very high level here, considering this was a free service...

    no, I just feeling amazing about how quick they changed..... they started to provide free SAN/UCC cert from the beginning of this year and this service last only 9 months
    (they provide free single domain for one year valid before that too).

  • scyscy Member
    edited September 2015

    cyxaaa said: "most of users applied cert for only one domains and 3% of orders are not for real using , the 3% orders made their systems unstandable " , so "in order to reduce the burden of system , one free cert will apply only for one domain and one year valid"

    This is bullshit as it was automated. what was the difference for them to sign a cert witn 1 domain or 100 subdomain?

    None. But yeah, i guess the free offer was making it difficult for them to sell their bigger packages...

    Got mine not long ago but would have liked to add a subdomain... guess I'll have to wait to see what letsencrypt has to offer!

  • joepie91joepie91 Member, Patron Provider

    Smells like marketing strategy to me, as well.

    Thanked by 2Francisco jvnadr
  • FranciscoFrancisco Top Host, Host Rep, Veteran

    @joepie91 said:
    Smells like marketing strategy to me, as well.

    I guess that's better than the previous smell which was 'The chinese government wants mah keyz'

    Thanked by 1joepie91
  • joepie91joepie91 Member, Patron Provider
    edited September 2015

    Francisco said: I guess that's better than the previous smell which was 'The chinese government wants mah keyz'

    Then again, I don't believe they'd ever get your keys?

    They were too buggy for me to actually get through to the registration process, but most CAs just sign your certificate, without expecting to see your private key. So they'd not be a danger to their users in particular; at worst, they'd be a danger to the internet in general (through signing of 'rogue' certificates for stuff like MITM attacks or malware deployment).

    Thanked by 1Clouvider
  • @joepie91 I found their certification process rather easy and pleasant to use. Oh well, I am sad that they are no longer offering this free service. I am still not sure about their connection to StartSSL - perhaps the latter wasn't all to happy about the free 3-years SAN certificates? Or perhaps the service was abused by spammers/phishers using for a quick and free method to mass-certify malicious throwaway hosts?

  • joepie91joepie91 Member, Patron Provider

    @zeitgeist said:
    joepie91 I found their certification process rather easy and pleasant to use. Oh well, I am sad that they are no longer offering this free service. I am still not sure about their connection to StartSSL - perhaps the latter wasn't all to happy about the free 3-years SAN certificates? Or perhaps the service was abused by spammers/phishers using for a quick and free method to mass-certify malicious throwaway hosts?

    I've expanded a bit more on my issues with WoSign here.

    AFAIK there's no relation between WoSign and StartSSL. Marketing strategy is the most plausible theory I've seen so far.

  • @joepie91 said:
    AFAIK there's no relation between WoSign and StartSSL. Marketing strategy is the most plausible theory I've seen so far.

    If I'm not mistaken, StartSSL has cross-signed WoSign's root.

  • berkay said: If I'm not mistaken, StartSSL has cross-signed WoSign's root.

    You are not mistaken, they indeed have cross signed it. At least on the one I have anyways.

  • joepie91joepie91 Member, Patron Provider

    @berkay said:
    If I'm not mistaken, StartSSL has cross-signed WoSign's root.

    Huh, strange. I thought WoSign were their own CA.

  • I revoke all the WoSign CAs a year ago...since I don't trust chinese much..

    (with this: https://github.com/chengr28/RevokeChinaCerts )

    And starting from a few months ago I was getting CERT REVOKED errors with many sites (even those outside China..)

    Since I was thinking of trusting WoSign as an exemption, this is a good news..

    BTW, I personally use StartSSL for free certs.

  • joepie91 said: Huh, strange. I thought WoSign were their own CA.

    They are, but they're not included everywhere yet. Over the past year or so they've been added by Mozilla and Microsoft, but I think they're still waiting on Apple and Google.

  • rm_rm_ IPv6 Advocate, Veteran
    edited September 2015

    joepie91 said: Huh, strange. I thought WoSign were their own CA.

    They are, but they only got included in browses quite recently.
    http://metadata.ftp-master.debian.org/changelogs//main/c/ca-certificates/ca-certificates_20141019_changelog

    v998 said: Since I was thinking of trusting WoSign as an exemption, this is a good news..

    Just tried to renew my StartSSL certs these days just in case, but couldn't login into their panel with some CA error, and frankly fed up of having to bother with their cert authentication b/s. So I will keep using WoSign, even with their new free plan (1 domain 1 year), they are still better than StartSSL free.

  • rm_ said: 1 domain 1 year

    No subdomain at all now or just www? StartSSL free has 1 subdomain you can choose..

  • rm_rm_ IPv6 Advocate, Veteran
    edited September 2015

    scy said: No subdomain at all now or just www?

    I assumed it's just www, otherwise it'd be way too strange and uncommon.

    scy said: StartSSL free has 1 subdomain you can choose..

    With WoSign you can just create a few more certs for each subdomain that you need. Maybe will need to set up receiving mail on those to validate, though.

    Thanked by 1scy
  • rm_ said: it'd be way too strange and uncommon.

    Well, startssl let you choose your subdomain.

    rm_ said: With WoSign you can just create a few more certs for each subdomain that you need.

    Nice didn't know that. Not too bad. Thanks!

  • rm_ said: Maybe will need to set up receiving mail on those to validate, though.

    Seems to work with the main domain as validation - no need to do * MX or alike.

  • Yeah, it works with the main domain email addresses.

    Not sure if there is a way to validate a subdomain when you don't control the domain though.

Sign In or Register to comment.