Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


CloudFlare enabling free SSL by mid-October
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

CloudFlare enabling free SSL by mid-October

«1

Comments

  • Awesome, looking forward to this.

  • Finally some justification for that huge IP allocation they got.

    Thanked by 1switsys
  • rm_rm_ IPv6 Advocate, Veteran
    edited August 2014

    Just in time for... Google Will Give a Search Edge To Websites That Use Encryption

    (Oh, didn't realize this was already mentioned in the CF post)

    Thanked by 1netomx
  • As of today, there are only about 2 million websites that support HTTPS. That's a shamefully low number.

    No it's not. Only sides with a valid need for encryption require it.

    Thanked by 1Janevski
  • rm_ said: Just in time for... Google Will Give a Search Edge To Websites That Use Encryption

    It's about time they start giving a search edge to websites available over IPv6 (or at least say they will).

    Thanked by 1linuxthefish
  • Sounds good. One of the reasons I use CF for DNS only is because I don't want to pay out the ear for SSL support. Maybe this will change, depending on how they set it up.

  • I would love if we could provide our own certificates, but I've already given up CF.

    With Varnish 4 (can transparently replace an unhealthy server), HAProxy 1.5 (routing for Varnish and SSL acceleration), and Tinc 1.1 (for meshed, encrypted communication) in a couple of locations and you basically CF plus extra.

  • @rds100 said:
    Finally some justification for that huge IP allocation they got.

    That needs-based justification for a 3 month supply that didn't get even touched in 3 months? Yeah....

  • Looking forward to this.

  • It's awesome news :-)

  • Finally.

  • Good to hear that because CF is paused on my https site.

  • edanedan Member

    Really great news! Definitely will use CF for more sites.

  • Will this work if i use EV SSL? Or what is the method there :)?

  • So we don't have to pay for SSL certificates anymore?

  • @Chuck said:
    So we don't have to pay for SSL certificates anymore?

    Of course you do.

  • @Gunter said:
    Of course you do.

    Well, not if you use cloudflare.

  • WSCallumWSCallum Member
    edited August 2014

    @drazilox said:
    Well, not if you use cloudflare.

    If you want full SSL (encrypted between the user and CloudFlare, then CloudFlare and your server) then yes you still need an SSL Certificate yourself. Or there is 'Flexible SSL' which is encrypted between the User and CloudFlare, but not between CloudFlare and your Server.

    See this:

  • @WSCallum said:

    Yes, but "Full SSL" accepts ANY certificate (including self-signed). "Full SSL (Strict)" is the one that requires a correct certificate instead, as most browsers do at the moment.

  • @GoodHosting said:
    Yes, but "Full SSL" accepts ANY certificate (including self-signed). "Full SSL (Strict)" is the one that requires a correct certificate instead, as most browsers do at the moment.

    Exactly, some form of certificate (of your own) is still required to gain the 'Full SSL'.

  • In addition, we'll also issue a certificate ourselves that will be trusted by CloudFlare's network which you can install on your origin server in order to ensure end-to-end encryption. It will all be free.

    For your reference, CloudFlare will issue some form of certificate for installation on your server.

  • rm_rm_ IPv6 Advocate, Veteran
    edited August 2014

    GoodHosting said: Yes, but "Full SSL" accepts ANY certificate (including self-signed). "Full SSL (Strict)" is the one that requires a correct certificate instead, as most browsers do at the moment.

    WSCallum said: Exactly, some form of certificate (of your own) is still required to gain the 'Full SSL'.

    So a CACert one (which provides free multi-domain wildcard certificates) will do just as well. Hope CloudFlare would save/check the fingerprint at least, though.

  • Free SSL cert for all? Really??

  • redoredo Member

    If it is about free in Oct, why should they send out this email?

    Hey there!
    
    As a website owner, I bet you care about your Google ranking. Google just announced it will boost the ranking of sites that use secure and encrypted connections. This is part of Google’s efforts to push “HTTPS everywhere” on the web.
    
    CloudFlare has made it simple and easy to adopt HTTPS. You don’t have to purchase a separate certificate or install anything. To enable HTTPS on your website today upgrade to any CloudFlare paid plan - it's that simple. Paid plans start at $20/month.
    
    Upgrade here
    
    Best,
    Eli
    
  • redo said: If it is about free in Oct, why should they send out this email?

    I saw the subject and thought "Wow, free SSL that was quick", but then I read it and thought the same

    Thanked by 1netomx
  • drazilox said: Well, not if you use cloudflare.

    Just an assumption:

    CloudFlare will enable HTTPS for all websites, but you'll need to upload yours valid SSL, which you buyed or got for free. It means, that Flexible SSL will not be possible for free plan.

    I guess that, because they recently published CFSSL pack which is intended for this purpose - to generate, check and upload to CF, SSL certficicates.

  • @WSCallum Thanks for the breakdown. I'll still be grabbing my normal SSL certs and maybe switching over to CF for the HTTPS version of my site, but I dunno. I'm not getting much traffic as it is.

  • netomxnetomx Moderator, Veteran

    @Profforg said:
    I guess that, because they recently published CFSSL pack which is intended for this purpose - to generate, check and upload to CF, SSL certficicates.

    I think that they will enable free SSL, but using a common one. If you want your own, you go pro

  • How do they give out free SSL's to large numbers of domains anyway? What CA lets them do it?

  • Who says they are free? Free is only the cheese in the mouse trap. I guess someone is paying for all these SSL certs.

Sign In or Register to comment.