Least expensive wildcard cert?

Grey

@scottalanmiller said in Least expensive wildcard cert?:

@Grey said in Least expensive wildcard cert?:

@scottalanmiller said in Least expensive wildcard cert?:

We just use LetsEncrypt and no wild cards.

Do you know if their certs will work for VMWare? The documentation I've read states that they don't have certs for anything except apache and IIS.

Jared and I use them for other things like Nginx. A very is basically a very, they aren't application specific. They don't do wild cards, but I would expect them to work on any web server.

scottalanmiller

Dammit

JaredBusch

@Grey said in Least expensive wildcard cert?:

@scottalanmiller said in Least expensive wildcard cert?:

We just use LetsEncrypt and no wild cards.

Do you know if their certs will work for VMWare? The documentation I've read states that they don't have certs for anything except apache and IIS.

Are you required to have it on the VMWare host? Can you point things to a proxy and let stuff talk through that?

I am sure you could get it on a VMWare host, but the way it works, you would need each host reachable from the public internet.

JaredBusch

@Grey this is one of the places where a purchased SSL (wildcard or just a few SANS) still makes sense. Let's Encrypt is continually improving, but a place with many internal systems wanting to use a 3rd part CA cert is still a use case for a purchased wildcard cert.

BRRABill

I used ssls.com to but a regular certificate and it was crazy cheap, $5.

Their cheapest wildcard looks like it is $85.

Grey

@BRRABill said in Least expensive wildcard cert?:

I used ssls.com to but a regular certificate and it was crazy cheap, $5.

Their cheapest wildcard looks like it is $85.

Thanks. Sent this up the chain! Let's see how things go.

BRRABill

@Grey said in Least expensive wildcard cert?:

@BRRABill said in Least expensive wildcard cert?:

I used ssls.com to but a regular certificate and it was crazy cheap, $5.

Their cheapest wildcard looks like it is $85.

Thanks. Sent this up the chain! Let's see how things go.

I had absolutely no problems with them.

In fact, I was pissed at myself I had been paying so damn much!

Grey

@BRRABill said in Least expensive wildcard cert?:

@Grey said in Least expensive wildcard cert?:

@BRRABill said in Least expensive wildcard cert?:

I used ssls.com to but a regular certificate and it was crazy cheap, $5.

Their cheapest wildcard looks like it is $85.

Thanks. Sent this up the chain! Let's see how things go.

I had absolutely no problems with them.

In fact, I was pissed at myself I had been paying so damn much!

That's a good way to describe my boss' face. He kept asking why there was such a price difference between this and Symantec's certs since that's what the org has been using for many, many years. That led to discussions of root auth and key length, but in the end I kinda just shrugged and said that the certs were no different.

FATeknollogee

StartSSL.com "was" great for stuff like this till they went & messed it all up!

travisdh1

@FATeknollogee said in Least expensive wildcard cert?:

StartSSL.com "was" great for stuff like this till they went & messed it all up!

And made it quite clear they didn't care that they messed it all up. That software developers will make mistakes is a given, that they quickly fix mistakes is what I want to see.

scottalanmiller

@Grey said in Least expensive wildcard cert?:

@BRRABill said in Least expensive wildcard cert?:

@Grey said in Least expensive wildcard cert?:

@BRRABill said in Least expensive wildcard cert?:

I used ssls.com to but a regular certificate and it was crazy cheap, $5.

Their cheapest wildcard looks like it is $85.

Thanks. Sent this up the chain! Let's see how things go.

I had absolutely no problems with them.

In fact, I was pissed at myself I had been paying so damn much!

That's a good way to describe my boss' face. He kept asking why there was such a price difference between this and Symantec's certs since that's what the org has been using for many, many years. That led to discussions of root auth and key length, but in the end I kinda just shrugged and said that the certs were no different.

Easy answer - all free and cheap products have an overpriced equivalent to take advantage of suckers. The very fact that people ask "well why does it cost so much" proves the value of simply overcharching to get their money.

scottalanmiller

@Grey said in Least expensive wildcard cert?:

@BRRABill said in Least expensive wildcard cert?:

@Grey said in Least expensive wildcard cert?:

@BRRABill said in Least expensive wildcard cert?:

I used ssls.com to but a regular certificate and it was crazy cheap, $5.

Their cheapest wildcard looks like it is $85.

Thanks. Sent this up the chain! Let's see how things go.

I had absolutely no problems with them.

In fact, I was pissed at myself I had been paying so damn much!

That's a good way to describe my boss' face. He kept asking why there was such a price difference between this and Symantec's certs since that's what the org has been using for many, many years. That led to discussions of root auth and key length, but in the end I kinda just shrugged and said that the certs were no different.

Easy answer - all free and cheap products have an overpriced equivalent to take advantage of suckers. The very fact that people ask "well why does it cost so much" proves the value of simply overcharching to get their money. If the answer isn't obvious - because people want to spend a lot - then it's obvious why such a trick works.

black3dynamite

StartSSL
StartSSL Identity Validation is the cheapest one that offers wildcards.

travisdh1

@black3dynamite said in Least expensive wildcard cert?:

StartSSL
StartSSL Identity Validation is the cheapest one that offers wildcards.

They're a never use now tho, any new certificates they issue will not be accepted by any major web browser.

JaredBusch

StartCom is actually most likely still a decent service, but they were bought by WoSign who got in trouble for something or another. I do not recall the details of that.

Because a CA has to be completely trustworthy, and the WoSign purchase was secret, boom no more StartCom certs.

0_1486088870550_upload-e9001564-7d41-4461-a6b3-4e6ba9751a90

FATeknollogee

They got caught backdating certs & doing some other funky stuff.
https://blog.mozilla.org/security/2016/10/24/distrusting-new-wosign-and-startcom-certificates/
https://www.theregister.co.uk/2016/10/10/heads_roll_as_qihoo_360_moves_to_end_wosign_startcom_certificate_row/

JaredBusch

@FATeknollogee said in Least expensive wildcard cert?:

They got caught backdating certs & doing some other funky stuff.
https://blog.mozilla.org/security/2016/10/24/distrusting-new-wosign-and-startcom-certificates/
https://www.theregister.co.uk/2016/10/10/heads_roll_as_qihoo_360_moves_to_end_wosign_startcom_certificate_row/

To my understanding, it was WoSign that did this stuff, not StartCom. WoSign then secretly bought StartCom. That is the part that killed StartCom.

FATeknollogee

^ Yes, that is correct, not StartCom ^

Question is will StartCom (+ WoSign) ever recover since they have not yet claimed that they are dead or out of business!

scottalanmiller

@FATeknollogee said in Least expensive wildcard cert?:

^ Yes, that is correct, not StartCom ^

Question is will StartCom (+ WoSign) ever recover since they have not yet claimed that they are dead or out of business!

Lenovo is doing well selling to people who can't remember the biggest news in IT security ever, even thought it is recent, and that is far worse. So I imagine that the average shop will just ignore the security problems here and keep giving them money.

dafyre

I was looking at a cell phone the other day and saw Lenovo. I closed the page and washed my eyes out with soapy water.