Least expensive wildcard cert?

FATeknollogee

They got caught backdating certs & doing some other funky stuff.
https://blog.mozilla.org/security/2016/10/24/distrusting-new-wosign-and-startcom-certificates/
https://www.theregister.co.uk/2016/10/10/heads_roll_as_qihoo_360_moves_to_end_wosign_startcom_certificate_row/

JaredBusch

@FATeknollogee said in Least expensive wildcard cert?:

They got caught backdating certs & doing some other funky stuff.
https://blog.mozilla.org/security/2016/10/24/distrusting-new-wosign-and-startcom-certificates/
https://www.theregister.co.uk/2016/10/10/heads_roll_as_qihoo_360_moves_to_end_wosign_startcom_certificate_row/

To my understanding, it was WoSign that did this stuff, not StartCom. WoSign then secretly bought StartCom. That is the part that killed StartCom.

FATeknollogee

^ Yes, that is correct, not StartCom ^

Question is will StartCom (+ WoSign) ever recover since they have not yet claimed that they are dead or out of business!

scottalanmiller

@FATeknollogee said in Least expensive wildcard cert?:

^ Yes, that is correct, not StartCom ^

Question is will StartCom (+ WoSign) ever recover since they have not yet claimed that they are dead or out of business!

Lenovo is doing well selling to people who can't remember the biggest news in IT security ever, even thought it is recent, and that is far worse. So I imagine that the average shop will just ignore the security problems here and keep giving them money.

dafyre

I was looking at a cell phone the other day and saw Lenovo. I closed the page and washed my eyes out with soapy water.

FATeknollogee

@scottalanmiller said in Least expensive wildcard cert?:

Lenovo is doing well selling to people who can't remember the biggest news in IT security ever, even thought it is recent, and that is far worse. So I imagine that the average shop will just ignore the security problems here and keep giving them money.

True, but the browser folks (Mozilla, Google, Apple & Msft) will have more influence on whether or not they stay alive.
What can they do if no browser's will trust their certs?

scottalanmiller

@FATeknollogee said in Least expensive wildcard cert?:

@scottalanmiller said in Least expensive wildcard cert?:

Lenovo is doing well selling to people who can't remember the biggest news in IT security ever, even thought it is recent, and that is far worse. So I imagine that the average shop will just ignore the security problems here and keep giving them money.

True, but the browser folks (Mozilla, Google, Apple & Msft) will have more influence on whether or not they stay alive.
What can they do if no browser's will trust their certs?

Maybe, we will see.

JaredBusch

@scottalanmiller said in Least expensive wildcard cert?:

@FATeknollogee said in Least expensive wildcard cert?:

@scottalanmiller said in Least expensive wildcard cert?:

Lenovo is doing well selling to people who can't remember the biggest news in IT security ever, even thought it is recent, and that is far worse. So I imagine that the average shop will just ignore the security problems here and keep giving them money.

True, but the browser folks (Mozilla, Google, Apple & Msft) will have more influence on whether or not they stay alive.
What can they do if no browser's will trust their certs?

Maybe, we will see.

Only 2 browsers are not trusting them right now though. Here is the image I posted above.

Kait

Take a look at https://www.cheapsslshop.com/wildcard-ssl-certificates

I have very good experience with them.

henriette

Not recently but before some year purchased from one reputed ssl provider clickssl. 10 out of 10 for their customer support.

IRJ

@JaredBusch said in Least expensive wildcard cert?:

@scottalanmiller said in Least expensive wildcard cert?:

@FATeknollogee said in Least expensive wildcard cert?:

@scottalanmiller said in Least expensive wildcard cert?:

Lenovo is doing well selling to people who can't remember the biggest news in IT security ever, even thought it is recent, and that is far worse. So I imagine that the average shop will just ignore the security problems here and keep giving them money.

True, but the browser folks (Mozilla, Google, Apple & Msft) will have more influence on whether or not they stay alive.
What can they do if no browser's will trust their certs?

Maybe, we will see.

Only 2 browsers are not trusting them right now though. Here is the image I posted above.

Thank God that they support Netscape Navigator....