Author here: if people aren't familiar with webcrypto (<a href="https://developer.mozilla.org/en-US/docs/Web/API/Web_Crypto_API" rel="nofollow">https://developer.mozilla.org/en-US/docs/Web/API/Web_Crypto_...</a>) it's a way to do real crypto, using the OS and openssl / boringssl (Google's openssl fork). I.e., it's not 'JavaScript crypto', but actually has proper randomness, hence properly unguessable keys. When we make keypairs with webcrypto, the private key never leaves the browser, so CertSimple doesn't know it.<p>That said, if a user prefers to make keys on their own machine we create a custom bash / powershell script to create the necessary CSR and private key in a single paste - no clicking, no Q and A, and without installing anything.
Any stats on A/B testing at scale for EV certs v.s. non-EV? I'm sure it would vary by industry but I'm curious if anyone has shown that it's statistically worth it in their particular situation.<p>A pretty green bar with your company name is great and all but is it actually worth it? It's not just the couple hundred dollar price tag of getting the EV cert. It's the maintenance of having to manually replace it every N years v.s. automating the deployment via something like LetsEncrypt.
It'd be nice if CertSimple had a LetsEncrypt (obviously with some kind of auth - perhaps based on a secondary private/public key pair unrelated to the certificate(s)?) style tool to allow issuing/renewing certificates for a known account.<p>I understand that the initial proof of entity needs some human involvement on our end, but surely once it's proved, renewals could be automated?