Free SSL Certificates

[theparrot]

Do you want to offer https but not have to pay the yearly fees?

Do you want still want a certificate that is at least not self signed?

You can get free certificates for https, as well as other things (secure email for example, or digital code signing) at http://cacert.org/

 

[Dave Zan]

Does the site offer SSL for ecommerce transactions?

 

[GiantDomains]

edit

 

[theparrot]

No, it is not my site. Just something I came across I thought worth sharing.


And to answer the question above, yes they offer ssl certificates that can be used to let people send things such as cc numbers encrypted. The drawback to them is they are no in the browers list of known roots, so they get a warning, and an option to add then to the list. If enough people use them, this problem eventually goes away.

 

[GiantDomains]

The problem with the free ones is they are not recognized by browsers. Most hosts can give you a free one. But browsers are programmed to recognize roots (like geotrust, verisign, etc...), so when you use the free ones on your site, users will get a pop-up "your browser does not recognize the signatory of this certificate. Do you want to trust it? yes/no". So basically, they are useless, unless you don't mind people getting the pop-up.

Oops, I see you posted this too

The problem doesn't go away, but it will on your computer if you save the certificate to your browser.

 

[theparrot]

If enough sites start to use this CA, the problem starts to go away as more people will save the root certificate.

This is what makes using them, rather then a self signed, or a free self signed host certicate more interesting, as once someone adds them for any site the uses them the problem goes away for all the sites that use them and not just the one site it was added for like self signed certificates do. So as it gets more used this becomes less of a problem. There is also talk that they will be included in a future version of mozilla and firefox.


right now they are good for sites that want to offer secure log ins and such, but not really suitable for general ecommerce sites for the reasons we both have mentioned.
As they get used by enough site though, they may become usable even for them in the future.

 

[GiantDomains]

I understand what you are saying. I'd rather pay a few bucks to get a recognized root certificate thought.

 

[andyat11]

i dont get it? what is this?

 

[Corey Bryant]

You can get SSL certs for about $5 a year from www.ev1servers.net

That pop-up that comes up on cacert can be a scary thing for some people unfortunately. It is 128 Bit encryption, which is what matters the most. The second is the browser recognition.

As far as using a shared SSL, this can actually even be worse because there are chances that the cert can be compromised