1. OCAU Merchandise is available! Check out our 20th Anniversary Mugs, Classic Logo Shirts and much more! Discussion in this thread.
    Dismiss Notice

SSL Certificates

Discussion in 'Networking, Telephony & Internet' started by breno, Jul 15, 2017.

  1. breno

    breno Member

    Joined:
    May 3, 2011
    Messages:
    2,031
    Location:
    Melbourne
    I'm looking to buy an SSL certificate for my website. Godaddy has a special on for $5.99 rather than $99/ year.

    Is there any difference between different providers in regards to these certificates?
    The host i'm with, Zuver, has them from $50/ year. I'm thinking of taking opportunity with the godaddy special and then switching when the year expires but i don't really know much about these things so i'm looking for some advice.
    Am i doing the right thing?
     
  2. Splade

    Splade Member

    Joined:
    Jan 13, 2002
    Messages:
    1,699
    Location:
    Sydney 2127
    Why not try letsencrypt?

    Im going to move a couple of sites to that when my godaddy certs expire later in the year.
     
  3. OP
    OP
    breno

    breno Member

    Joined:
    May 3, 2011
    Messages:
    2,031
    Location:
    Melbourne
    Wasn't aware of that, I checked it out and i've got it enabled on my domain now, thanks for the tip.

    I wonder if there is any difference between this and paid certificates?
     
  4. kripz

    kripz Member

    Joined:
    Sep 29, 2004
    Messages:
    2,834
    Location:
    Near Frankston
    you have to renew it manually or set up scripts for the 3 month expiry

    Also doesn't support wildcard domains so you need to add

    a.example.com
    b.example.com
    ..
    z.example.com

    manually
     
  5. Splade

    Splade Member

    Joined:
    Jan 13, 2002
    Messages:
    1,699
    Location:
    Sydney 2127
    WIldcard domains will be available from january :)

    That will make life easy
     
  6. bcann

    bcann Member

    Joined:
    Feb 26, 2006
    Messages:
    6,185
    Location:
    NSW
    nope its a couple of letters on something digital, as far as difference. Like anything digital, there is NO difference, other then symantec...

    Just google symantec ssl certificates and google chrome to see why.
     
  7. hosh0

    hosh0 Member

    Joined:
    May 28, 2007
    Messages:
    8,971
    Location:
    Sydney N.S.W
    What the actual fuck? There is a big difference depending on the SSL provider. Letsencrypt is totally fine, but to say there is no difference is just the worst advice you could give.
     
  8. bcann

    bcann Member

    Joined:
    Feb 26, 2006
    Messages:
    6,185
    Location:
    NSW
    Why?

    Because some say they provide checks to verify the domain name? hahahahahahahahahahahahahahahahaha yeah right.

    Its different if your talking about those that provide "Insurance" or whatever i'd love to see someone having claimed successfully on them. and EV or OV, i wouldn't want to know how little them kind of folks are paid to verify that stuff, and how easy it would be to social engineer them.

    Like i said Google Vs Symantec is a great point in case, along with all the other providers who have done dumb things and given out certs to fraudulant requesters. At the end of the day, its just a name on a few digital bits, paying more for it is stupid in the extreme.

    If you want one of the green EV/OV certs go for it, stump up more cash, but to me it doesn't intrinsically give me anymore trust then any of the other signed certs.

    At the end of the day, next to no users pay any real difference to them, so long as their valid and your browser isn't shitting itself with warnings about them. in 20+ years i've never had a user ever mention to me that our cert is not an EV/OV one. The only likely people to care would maybe be an insurance company assessor looking to get out of a claim.

    Given the OP is looking at spending $9 on a ssl cert, i'd say the difference to them is Zero.
     
  9. hosh0

    hosh0 Member

    Joined:
    May 28, 2007
    Messages:
    8,971
    Location:
    Sydney N.S.W
    For them the difference might be minimal. But to say like everything digital there is no difference is idiotic. Even taking out insurance, EV etc for now. Some just don't offer the same things, wildcard isn't supported in letsencrypt as an example.

    Not to mention the difference between things like automated validation vs manual validation etc.
     
  10. bcann

    bcann Member

    Joined:
    Feb 26, 2006
    Messages:
    6,185
    Location:
    NSW
    wildcard is coming to letsencrypt next year, and personally given almost all data breaches for exfiltration have come from lazy outsourced staff giving access to things they shouldn't, i'd trust an automated check rather then a human one.

    I know its gonna wind you up, but to me its similiar to using dvd decryptor of ffmpeg or whatever to decrypt a dvd and recode it to something else, all other settings being even. The only real difference is the copyright stamp at the end of the stream. If you want to pay for that be my guest. GIven the symantec issue, and all their sub sellers, it just goes to show that just because your paying big bucks for a "EV/OV" Cert doesn't mean the moron behind the check is any better or worse then the freeby provider.

    Also given that google uses a DV or "Cheap" according to you ssl cert, i think that is good enough for the world. I could also bring up the mountain-america case as well as a bunch of others.

    Take from that what you will.
     
  11. kripz

    kripz Member

    Joined:
    Sep 29, 2004
    Messages:
    2,834
    Location:
    Near Frankston
    Good to know wildcard is cominh, it has put me off using more subdomains just because i dont want to modify my configs and scripts, too scared to break something. :lol:
     
  12. hosh0

    hosh0 Member

    Joined:
    May 28, 2007
    Messages:
    8,971
    Location:
    Sydney N.S.W
    It's coming, doesn't mean it's there mate. That is my entire point, not all are the same! You can spin it how you want to, but if you think in any digital asset there are no differences you have no idea what you are talking about.
     
  13. evilasdeath

    evilasdeath Member

    Joined:
    Jul 24, 2004
    Messages:
    5,026
    SSL certs are annoying.

    Generating your own is a cake walk, and that gets your end-to-end encryption sorted and when it comes to MITM attacks it's no more safer than an equivalent certificate generated from any authority.

    You just have to trust that the user knows to only accept correct certificates and not any old cert that gets presented.

    Certificate authorities and chains are a joke,why should you trust any of them any more than any other to do secure entity checking, but thats what it comes down to, the cert encryption is the same it's just the rubber stamp on the front that is different.
     

Share This Page

Advertisement: