[150171] in North American Network Operators' Group
Re: X.509 Certs For Personal Use
daemon@ATHENA.MIT.EDU (John Levine)
Fri Feb 17 22:33:38 2012
Date: 18 Feb 2012 03:32:10 -0000
From: "John Levine" <johnl@iecc.com>
To: nanog@nanog.org
In-Reply-To: <20120218010729.GA10033@ussenterprise.ufp.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
I use these guys: http://www.cheapssls.com/
They sell Geotrust and Comodo certs for under $10/yr. The hassle
level is quite low. First you order a cert providing the usual
billing info, then you go to their web site, pick the order you just
paid for, go to a screen where you paste in your signing request, and
pick which e-mail address to send the confirmation message to. Click
a URL in the confirmation message and the signed cert shows up in a
few minutes. The certs are chained, but I've had no acceptance
problems once I realized I had to to add an extra Apache config line
to serve the intermediate cert.
If you get a Comodo cert for example.com, it'll also work for
www.example.com. Other than that, they seem to be equivalent.
If you just want something for testing, http://freessl.com/ will
provide a real 30 day Geotrust cert for free, with similarly low
hassle. At the end of the 30 days, you can renew the cert into a paid
one at cheapssls or any other Geotrust reseller.
I realize there are places that will provide totally free certs, but
their hassle level is far greater. For $24 I can get a Comodo cert
that will make my SSL complaints go away for three years, which seems
like a bargain to me.
R's,
John
