Jump to content

Mama, Weer all HTTPSeee now!


Joss
 Share

Recommended Posts

yep ssl 

I think you can get one certificate free here

http://www.cacert.org/

Love it

Read the site, looked interesting.

Clicked on the join the CAcert Community link, and....

 
The site's security certificate is not trusted!
You attempted to reach www.cacert.org, but the server presented a certificate issued by an entity that is not trusted by your computer's operating system. This may mean that the server has generated its own security credentials, which Chrome cannot rely on for identity information, or an attacker may be trying to intercept your communications.
  • Like 3
Link to comment
Share on other sites

Love it

Read the site, looked interesting.

Clicked on the join the CAcert Community link, and....

 
The site's security certificate is not trusted!
You attempted to reach www.cacert.org, but the server presented a certificate issued by an entity that is not trusted by your computer's operating system. This may mean that the server has generated its own security credentials, which Chrome cannot rely on for identity information, or an attacker may be trying to intercept your communications.

haha xddd

well but that does not mean it is a bad choice for a certification authority.

I think :P

Link to comment
Share on other sites

haha xddd

well but that does not mean it is a bad choice for a certification authority.

I think :P

Actually.. it does. If their certs are not trusted by OS and browser vendors by default, they're pretty much useless for anything but testing purposes :)

On a related note, this is IMHO a good (and very bold) move from Google -- one that I honestly didn't expect them to make, but am happy about nevertheless. Having a secure connection between you and the site you're trying to reach is definitely a plus and should affect the way (and the sites) people browse.

That being said, it's going to cause some extra work for a lot of companies and people.. including me :)

  • Like 6
Link to comment
Share on other sites

this give me some questions...(don't think g00gle is bad! but think that they didn't do something without a idea behind...)

- Did g00gle have buyed some companies that make money with httpS ?

- Is it real a secure (or more secure) fact that https helps here?

https is more expensive without a real security and more effort or work to get a good performance.

but there was 2011 successful  "man in the middle" attacs against https banking sites in germany...

for big userdata it is the option to choose but for a normal page??

we will see - g00gle ansounced often some things to see whats happen and first then they act.

only some thoughts from a non pro webmaniac....;)

  • Like 1
Link to comment
Share on other sites

https is more expensive without a real security and more effort or work to get a good performance.

I don't know what exactly you mean by security, but I much ruther see my data go encrypted through the wire instead of plaintext. There may be security holes, but at least the attacker has to do work, instead of just sniffing the traffic and reading it. From what I can remember from a recent talk at google io about ssl, the performance hit of it is mostly the handshake, so with http-keep-alive  and some other improvements the difference in performance shouldn't matter that much.

  • Like 4
Link to comment
Share on other sites

Yes, I know with one friend's eCommerce site, I moved him over to full SSL (rather than just the cart) and there was no obvious hit on performance at all, even though he was on a shared server.

The two main things about it are probably just the cost (which is not huge, but yet another cost all the same) and the annoyance of remembering to renew the certificate. Also, some hosts seem to have a frighteningly complicated procedure you have to go to get it up and running - a real minefield for the small website owner who is possibly trying to do it all themselves.

  • Like 1
Link to comment
Share on other sites

Quite a few hosts sell SSL certs far cheaper than you cam buy them directly from SSL companies and they're the same certs.

I won't name-drop, but you can get a $249 cert (2048-bit encryption and some other fancy features) for less than half that price from one webhost, so you could choose to see this as a chore or you could ask your host to install it for your clients which will take them a short space of time and be auto-renewed along with the hosting so there's no major headache for you.

You can choose to pass the whole discount on to customers or, quite reasonably, add a little markup for the time it's cost you but still come in a lot cheaper than buying a cert straight from the cert providers.

Everybody wins and the internet is a little bit more secure with each site that switches :)

  • Like 3
Link to comment
Share on other sites

Oh, also domain name registrars will often be able to do great prices, but if you get them from the web hosts they can install them for you as well for free so it depends how much you want to be involved in the process.

Link to comment
Share on other sites

@zwergo: admittedly I've no experience with StartSSL, apart from someone suggesting that to me a while ago (can't remember the context, though). At that time I checked their reviews (very good) but was put off by this: http://danconnor.com/post/50f65364a0fd5fd1f7000001/avoid_startcom_startssl_like_the_plague_.

I'm pretty sure that there was something else too, but it might've been just the fact that they're offering free service, which made me wonder how trustworthy they could be (and how long would browser vendors etc. continue to trust them). Nevertheless, might just give them a try one of these days :)

Something like GetSSL would be another option. I guess I could somehow scrape together the $9.95 their standard SSL certificate costs.. :)

Link to comment
Share on other sites

  • 2 weeks later...
  • 5 months later...
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...