Re: buying ssl certificate
Le 2017-05-28 17:10, Andy Smith a écrit :
> Hello,
>
> On Fri, May 26, 2017 at 10:04:42PM +0000, kc atgb wrote:
>> I will have to buy/renew some certificates we have at my job.
>>
>> There are a certain number of certificates providers. The question I
>> have is which one do I have to consider ?
>
> Domain-validated (i.e. they just check you can receive email at the
> domain, or that you can put something int eh domain's DNS) TLS
> certificates are all pretty much the same.
>
> Your worst case scenario is that the certificate authority is found
> to be hopelessly insecure and is distrusted by one or more major
> browsers.
>
> I suggest it is worth your time to get letsencrypt automation
> working and just use those, for free.
>
> If you need extended validation for some reason then the costs will
> vary, pick any big name. You'd probably know what to do already if
> this were a requirement though.
>
We don't need extended validation and if I am not wrong, that can't
apply to our case because we have a wildcard certificate and there is no
specific validation for wildcards.
>> Recently came to the market some lowcoast ssl certificate providers.
>> Or free ssl providers. What do you think about them ?
>
> I think the best of the free ones is letsencrypt.
>
One problem I might have with letsencrypt is that it is not recognized
by all protocol clients. We have customers that are not always up to
date on their side (old OSes, softwares, hosts, ... ), and letsencrypt
is recent in the race, so not integrated on these devices.
> Cheers,
> Andy
Reply to: