Free SSL/TLS Certificate Authority

[Lost]

Coming summer 2015:
https://letsencrypt.org/

Looks very interesting, especially because of the automated certificate management they plan to implement. No more excuses...

 

[rdn]

https://www.startssl.com/?app=1

 

[Lost]

I know about startssl, but the thing that makes letsencrypt.org interesting, is the automated certificate management. No more manually having to install certs and forgetting to renew them is a thing of the past. It will make it trivial to use https on your website.

 

[Andy.N]

While SSL cert is getting cheaper (it used to cost several hundred dollars each year from big name providers), do we trust our sites on a company that provides free ssl?
What's the catch?

 

[Kintaro]

https://letsencrypt.org is coming!

 

[rdn]

I got mine here
Multi Domain FREE SSL: https://buy.wosign.com/free/

 

[TPerry]

I got mine here
Multi Domain FREE SSL: https://buy.wosign.com/free/

https://news.ycombinator.com/item?id=8982013

Interesting little discourse about that site... issuing in SHA1 (outmoded)

 

[rainmotorsports]

While SSL cert is getting cheaper (it used to cost several hundred dollars each year from big name providers), do we trust our sites on a company that provides free ssl?
What's the catch?

Part of the cost of getting a certificate now or in the past is the fact that you are basically purchasing liability insurance with it. Which is generally required or desired for store fronts etc. Beyond that its just maintenance and for a small forum who just wants https the certs really shouldnt be more than a couple bucks to keep the authority maintained properly. But there is the whole trust issue still.

 

[eva2000]

https://news.ycombinator.com/item?id=8982013

Interesting little discourse about that site... issuing in SHA1 (outmoded)

old news they have sha256 now

Session Tickets RFC 5077     86400 seconds
Server key size              2048 bit
Signature Algorithm          SHA256 with RSA
Fingerprint / Serial         SHA1 E737D0911D60FFAD925DC4B07FC9A330E91D2C32 / 1188F371489C6D91CD380851FB274515
                              SHA256 5877AB22697AED02B30357FFBBF9AA53239E1934C565288591865991D5C8D19C
Common Name (CN)             mydomain2.com (CN response to request w/o SNI: mydomain2.com)
subjectAltName (SAN)         mydomain2.com www.mydomain2.com mydomain.com
Issuer                       WoSign CA Free SSL Certificate G2 (WoSign CA Limited from CN)
Certificate Expiration       >= 60 days (2015-03-24 23:54 --> 2018-03-25 00:54 +0000)
# of certificates provided   3
Certificate Revocation List  http://crls6.wosign.com/ca6-server1-free.crl
OCSP URI                     http://ocsp6.wosign.com/ca6/server1/free
OCSP stapling                OCSP stapling offered

 

[rdn]

https://news.ycombinator.com/item?id=8982013

Interesting little discourse about that site... issuing in SHA1 (outmoded)

If you visit their page:

 

[rdn]

https://news.ycombinator.com/item?id=8982013

Interesting little discourse about that site... issuing in SHA1 (outmoded)

A+ here: https://www.ssllabs.com/ssltest/analyze.html?d=box.phcorner.org
Without any bad/red notice.

 

[Cyb3r]

A+ here: SSL Server Test: box.phcorner.org (Powered by Qualys SSL Labs)
Without any bad/red notice.

This is really awesome, I just bought my COMODO Domain Validation Certificate, but it only includes the main domain, does this worth getting? does it includes subdomains?

Edit: I just applied for it, lets hope they approve me.

 

[rdn]

does it includes subdomains?

It includes everything you want, unlimited domains .

 

[Cyb3r]

It includes everything you want, unlimited domains .

I'm little confused, they just responded to me and this what it looks like:

Your order details:
Certificate Name: Free SSL Certificate
Certificate Type: SSL Certificate
Period: 3 year(Expiry Date:2018-07-12 05:07:47)
Domain in Subject: test.com,www.test.com

By domain "Domain in Subject" they included the main domain only or it's full domain certificate?

 

[rdn]

They will include every domain you put in "Domain name" here when you signup - 沃通数字证书在线申请 WoSign数字证书:SSL证书 | 代码签名证书 | EV SSL证书 | OV SSL证书 | DV SSL证书 | 2048位服务器证书,全球通用, 支持所有浏览器和服务器, 全面支持中文和中文域名! .

 

[Cyb3r]

They will include every domain you put in "Domain name" here when you signup - 沃通数字证书在线申请 WoSign数字证书:SSL证书 | 代码签名证书 | EV SSL证书 | OV SSL证书 | DV SSL证书 | 2048位服务器证书,全球通用, 支持所有浏览器和服务器, 全面支持中文和中文域名! .

I didn't include any subdomains how to include them now?

 

[rdn]

I didn't include any subdomains how to include them now?

Just re-issue a new certificate.
Same method .

 

[Kintaro]

some news:
https://letsencrypt.org/2015/09/14/our-first-cert.html

 

[eberkund]

some news:
https://letsencrypt.org/2015/09/14/our-first-cert.html

It looks like it go delayed yet again. It was originally supposed to come out in the summer, then September, now Q4 lol

 

[Jeremy P]

It has been delayed a few times, but being a certificate authority isn't exactly simple, especially when you want to become the defacto free one with auto-configuration.

At this point, it's mostly up to browser vendors to include the root certs so that anything they issue is marked as valid:
https://code.google.com/p/chromium/issues/detail?id=531672
https://bugzilla.mozilla.org/show_bug.cgi?id=1204656