Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Sign In Register

Quick Links


Categories

In this Discussion

The new StartCom SSL
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

The new StartCom SSL

sibapersibaper Member
edited April 2017 in General


Notice to all subscribers:

StartCom will launch the new secure system in April 10th, the new website URL is https://www.startcomca.com, please use the new website that it will issue the certificate from new StartCom Root CA. thanks.

Firefox 55.0a1 (2017-04-09) (64-bit) didn't trust https://www.startcomca.com/
But trusted on Chrome Version 55.0.2883.75 (64-bit)

Both on Linux

They use Camerfirma SSL

Oh my GOD https://www.ssllabs.com/ssltest/analyze.html?d=www.startcomca.com&hideResults=on
" This server's certificate chain is incomplete. Grade capped to B. "

«1

Comments

  • jgillichjgillich Member
    edited April 2017

    StartSSL Extended Validation Package, only US$ 1.5

    Am I reading this right, (useless) EV certs for less than two bucks? What the actual fuck..

    Thanked by 2AuroraZ raindog308
  • williewillie Member

    Lol. Aren't they out of browser trust lists for the next year?

    Thanked by 1AuroraZ
  • sibapersibaper Member

    jgillich said: Am I reading this right, (useless) EV certs for less than two bucks? What the actual fuck..

    That's US $ 199.90. Their new website, unusable right now. IDK what timezone their April 10th is. I'm already on Tue Apr 11 10:07:27

  • ArchArch Member

    whaat? but half the fun of getting free SSL certificates was trying to figure out their clusterf*ck of a website...

    Thanked by 2AuroraZ ElliotJ
  • rm_rm_ IPv6 Advocate, Veteran

    Note that:

    Currently, in case of requesting SSL certificates only, StartCom is offering the validation for free.

    For other types of certificate, StartCom will still charge for the validation.

    So it's not even $1.5/year, it's just entirely free, if you only want SSL certs (and not code signing or E-Mail certs).

    As for the website, it works for me in Chromium 52, but not in Pale Moon.

  • robohostrobohost Member

    not worked in chrome 57.0.2987.133 (64-bit)
    NET::ERR_CERT_AUTHORITY_INVALID

  • sibapersibaper Member

    After login

    Currently, in case of requesting SSL certificates only, StartCom is offering the validation for free. For other types of certificate, StartCom will still charge for the validation.
If your purpose for validation is to get Code Signing certificate or client certificate, please process the payment of the validation fee by "Tool Box - My Balance - Recharge".Thanks.
Notice: 
1. Mozilla and Google decided to distrust all StartCom root certificates as of 21st of October, this situation will have an impact in the upcoming release of Firefox and Chrome in January. Apple's decision announced on Nov 30th of distrusting all StartCom root certificates as of 1st of December will have an impact in their upcoming security update. 
2. Any subscribers that paid the validation fee after Oct. 21st can get full refund by request. 
3. StartCom will provide an interim solution soon and will replace all the issued certificates with issuance date on or after Oct 21st in case of requested. Meanwhile StartCom is updating all systems and will generate new root CAs as requested by Mozilla to regain the trust in these browsers.

    rm_ said: So it's not even $1.5/year, it's just entirely free, if you only want SSL certs (and not code signing or E-Mail certs).

    I asking few question via Live Chat, the EV SSL is only trusted by Microsoft
    "At the moment they are trusted only with Microsoft products, that is why we are giving it for "free". We are working on the issue, but we will fix the problem in around two mouths."

  • WSSWSS Member

    "We are working on the issue, but we will fix the problem in around two mouths."

    Translation: Prepare to swallow.

    Thanked by 4Nekki dedicados netomx deadbeef
  • raindog308raindog308 Administrator, Veteran

    Weren't they the guys who gave free SSL but if you needed to reissue, it was an arm and a leg?

  • jenkkijenkki Member

    https://swissns.ch/site/lps/ssl/index.html

    Thanked by 1busbr
  • doghouchdoghouch Member

    @sibaper said:

    jgillich said: Am I reading this right, (useless) EV certs for less than two bucks? What the actual fuck..

    That's US $ 199.90. Their new website, unusable right now. IDK what timezone their April 10th is. I'm already on Tue Apr 11 10:07:27

    Can confirm. The site is going up and down, while displaying the wrong prices.

  • moonmartinmoonmartin Member
    edited April 2017

    With LetsEncrypt, why would anyone bother with StarCom?

  • nepsneps Member

    moonmartin said: With LetsEncrypt, why would anyone bother with StarCom?

    To save a few keystrokes, once upon a time. Nowadays doesn't seem worth it, haven't touched them in ages, don't plan to again.

  • sibapersibaper Member

    moonmartin said: With LetsEncrypt, why would anyone bother with StarCom?

    • not stable enough for production, check their forum for complaint about rate limit. I've 10 sites using Letsecnrypt some renewal hit and miss. (at least on my case)
    • how to revoke SSL if you already delete your server? for example testing server on hourly based 'cloud'
  • jgillichjgillich Member
    edited April 2017

    sibaper said: not stable enough for production, check their forum for complaint about rate limit. I've 10 sites using Letsecnrypt some renewal hit and miss. (at least on my case)

    Renewals are NEVER rate limited, read the docs: https://letsencrypt.org/docs/rate-limits/

    sibaper said: how to revoke SSL if you already delete your server? for example testing server on hourly based 'cloud'

    And why would you need to revoke a certificate that you deleted? The point of revocation is to invalidate leaked certificate. With cert life spans of 3 months, it's not as big of a deal as it used to be anyway.

  • WSSWSS Member

    @sibaper said:

    moonmartin said: With LetsEncrypt, why would anyone bother with StarCom?

    • not stable enough for production, check their forum for complaint about rate limit. I've 10 sites using Letsecnrypt some renewal hit and miss. (at least on my case)

    This is outright horseshit. I've requested almost 50 at a time from the same subnet over a handful of hosts. Post the logs.

  • sibapersibaper Member

    jgillich said: Renewals are NEVER rate limited, read the docs: https://letsencrypt.org/docs/rate-limits/

    I should split " I've 10 sites using Letsecnrypt some renewal hit and miss. (at least on my case)" with the first.

    jgillich said: The point of revocation is to invalidate leaked certificates, and with cert life spans of 3 months at most, it's not as big of a deal as it used to be.

    Why it's a big deal if cert expired in 1 year?

  • rm_rm_ IPv6 Advocate, Veteran

    jenkki said: https://swissns.ch/site/lps/ssl/index.html

    If this worked for 3 year cert then it'd be nice, but as it stands you might just as well go with assl.loovit.net

    Thanked by 1deadbeef
  • jenkkijenkki Member

    rm_ said: If this worked for 3 year cert then it'd be nice, but as it stands you might just as well go with assl.loovit.net

    Just wondering if something outed from Europe right now instead Comodo or similar.

  • alfinderaualfinderau Member

    @jenkki said:
    https://swissns.ch/site/lps/ssl/index.html

    Does anyone know if subdomains can be added, besides www? Can't find any info on their website.

  • alfinderaualfinderau Member

    @rm_ said:
    [...] you might just as well go with assl.loovit.net

    Is this a serious company? The website loovit.net is more than fishy, it's a nearly empty site not providing any piece of information...

  • stefemanstefeman Member

    @alfinderau said:

    @rm_ said:
    [...] you might just as well go with assl.loovit.net

    Is this a serious company? The website loovit.net is more than fishy, it's a nearly empty site not providing any piece of information...

    It's being provided by a member in this forum.. he offers free standard/wildcard SSL certificates for members here.

    Thanked by 1deadbeef
  • alfinderaualfinderau Member

    Amazing! But are these certificates widely accepted? Which CA is behind them?

  • RazzaRazza Member
    edited April 2017

    alfinderau said: Amazing! But are these certificates widely accepted? Which CA is behind them?

    Yes it's widely accepted, it's a AlphaSSL cert the root CA is GlobalSign.

  • jenkkijenkki Member

    There also some discounted Polish SSL exist 10 PLN around $2/yr

    https://az.pl/ssl/

    Thanked by 1deadbeef
  • AluminatAluminat Member

    @jenkki said:
    There also some discounted Polish SSL exist 10 PLN around $2/yr

    https://az.pl/ssl/

    Wildcard or single subdomain/domain?

  • sibapersibaper Member

    Aluminat said: Wildcard or single subdomain/domain?

    wildcard = 60 zł
    ~15 USD

    Thanked by 2Aluminat jenkki
  • deadbeefdeadbeef Member

    @rm_ said:
    might just as well go with assl.loovit.net

    Apart from the "it might be revoked if outside the intended host use", is they any other reason not to?

  • WSSWSS Member

    @deadbeef said:

    @rm_ said:
    might just as well go with assl.loovit.net

    Apart from the "it might be revoked if outside the intended host use", is they any other reason not to?

    LE takes about half the time to setup?

    Thanked by 1deadbeef
  • deadbeefdeadbeef Member
    edited April 2017

    @WSS said:

    @deadbeef said:

    @rm_ said:
    might just as well go with assl.loovit.net

    Apart from the "it might be revoked if outside the intended host use", is they any other reason not to?

    LE takes about half the time to setup?

    LE bundles your subdomains together on the cert, if I'm not mistaken. Which effectively means you can't have "private" subdomains with them. With a wildcard on the other hand...

Sign In or Register to comment.