I think the business model of StartSSL and others, is that they give certificates for free, but you have to pay a lot in case you need to revoke a certificate.
my 2 cents Saverio 2015-02-14 19:31 GMT+01:00 Alessandro Di Federico <ale+o...@clearmind.me>: > On Sat, 14 Feb 2015 18:21:41 +0100 > phaidros <phaid...@subsignal.org> wrote: > >> Nope, I would vote against StartSSL. I know it is free, but the >> procedure sucks, and honestly: there is *one* company on the planet >> givin out *free* SSL Certs .. if that doesn't ring bells, I dunno what >> could :) > > They just say you're who you say you are, they don't have your private > key. In any case, if you don't trust them, it doesn't matter, because > they're part of the trusted set of the PKI, so everyone trusts them > (and can be fooled by them). We could start talking about > certificate pinning, but I don't think it's a priority right now. > > On Sat, 14 Feb 2015 09:35:29 -0800 > "Constantine A. Murenin" <muren...@gmail.com> wrote: >> No, WoSign also does. >> >> https://www.wosign.com/english/price.htm >> >> In fact, WoSign gives out free certificates valid for 2-years, and >> they also even let you have multiple CNs in the same cert (although >> wildcast for free is not supported). > > Never tried them. StartSSL certificates last one year and are valid for > one second level domain (e.g. openwrt.org) and a third level > domain(e.g. wiki.openwrt.org), but you can have as many of them as you > want (e.g. one for openwrt.org+wiki.openwrt.org and one for > openwrt.org+www.openwrt.org). > > If the admins are interested in *my* help I'd go for StartSSL, for the > simple reason that it takes 30 seconds to generate a new certificate, > since I'm already using it. > > In the future, we'll all use Let's encrypt and be happy [1]. > > In any case, I'd avoid CACert [2]. > > -- > Alessandro Di Federico > > [1] https://letsencrypt.org/ > [2] https://bugzilla.mozilla.org/show_bug.cgi?id=215243 > _______________________________________________ > openwrt-devel mailing list > openwrt-devel@lists.openwrt.org > https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel _______________________________________________ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
