I got a certificate from GoDaddy, and it only seems to work without throwing user warnings on only a handful of browsers (FF on windows, but not on Linux, not chrome, etc). Shelling
out several hundred bucks for a Verisign certificate seems awfully steep for a shoe string operation. Are there better alternatives?
This is a known issue with GoDaddy certificates, and can be corrected by specifying an intermediate cert. I ran into the same issue at one point in the past and had to Google a bit to fix it.<p>GoDaddy itself is not a trusted CA on all platforms. It is backed by a trusted CA. To make this work, you have to add a "certificate chain" in your web server and provide the additional certificate linking GoDaddy to that trusted CA.<p>Read more about the configuration here. Note that you'll have to download one additional certificate, not just the main signed certificate.
<a href="http://help.godaddy.com/article/5346" rel="nofollow">http://help.godaddy.com/article/5346</a><p>Here is what my ssl.conf looks like in Apache:<p><pre><code> SSLCertificateFile /etc/httpd/foo.crt
SSLCertificateKeyFile /etc/httpd/foo.key
SSLCertificateChainFile /etc/httpd/gd_bundle.crt
</code></pre>
That gd_bundle.crt is what you're probably missing. Hope this helps.
<a href="http://www.trustico.co.uk/products/rapidssl/cheap-rapidssl-ssl-certificate.php" rel="nofollow">http://www.trustico.co.uk/products/rapidssl/cheap-rapidssl-s...</a><p>Cheap, no certificate chain, and everything seems to have the roots installed.<p>It doesn't really matter where you get them from, the whole thing is a bit of a scam anyway. Since your security is as weak as the worst issuer, there's no point in buying a "premium" certificate.
I use NameCheap's RapidSSL product for $10/yr. The only thing I don't like about it is that when you register, the 'Organization' value you enter gets overwritten with the common name/domain name. This means that when someone reads the certificate details in their browser, they can't find any reference to your actual company name.
I like DigiCert.<p>One nice thing they do is give you a www alt name for your domain. (e.g. alt name == www.apple.com for domain apple.com). Thawte charges a minimum of $169 for this.<p>This means that your certificate will be able to be used by www.domain.com and domain.com.<p>Some certs aren't able to be used for both (<a href="https://amazon.com" rel="nofollow">https://amazon.com</a>), and the alternative is to buy two certs.
Check out this thread:
<a href="http://news.ycombinator.com/item?id=464916" rel="nofollow">http://news.ycombinator.com/item?id=464916</a><p>Also, you might want to provide a bit more about the cert you currently have if you want to know why it's not working on other browsers. Finally, you might want to consider asking/browsing on serverfault.com. There are good discussions on the topic of SSL on that site.
I bought RateMyStudentRental's SSL cert from Godaddy and it was a PITA to setup compared to if you get a trusted root certificate (that does not need to be chained).<p>After reading this thread [1] I bought LeadNuke's SSL cert from NameCheap (a rebranded RapidSSL certificate). Sure enough it was incredibly easy to setup, and is trusted on all the main browsers.<p>[1] <a href="http://news.ycombinator.com/item?id=1318340" rel="nofollow">http://news.ycombinator.com/item?id=1318340</a>
StartCom - their "domain validated" certificates (which other CAs charge for) are free: <a href="http://www.startssl.com/" rel="nofollow">http://www.startssl.com/</a>
I use gandi.net.
Gandi provides a free SSL certificate (for one year) when you buy/renew a domain from them. It's quite a good deal.<p><a href="http://en.gandi.net/ssl" rel="nofollow">http://en.gandi.net/ssl</a>
I was thinking about this just today. I want a cert to use with Heroku. I love Dreamhost and I use them for all my static websites, backup storage, git hosting, and domain registration. They provide SSl certs for $15, but I've never bought one and they don't provide a lot of details. They mention that you can use them with other hosts, but not much else.<p>Anyone have experience with Dreamhost SSL?
We use a Comodo certificate, but it's been so long since we got it issued, I don't think they even offer it anymore?!?<p>I would try these sites:<p>- <a href="http://instantssl.com" rel="nofollow">http://instantssl.com</a> (comodo)<p>- <a href="http://www.sslmatic.com" rel="nofollow">http://www.sslmatic.com</a> (retailer of various)<p>That should be a start.
You probably forgot to combine the intermediate certs with your domain cert. That said, I use startcom (<a href="http://www.startssl.com/" rel="nofollow">http://www.startssl.com/</a>). You can get free SSL certs there that work in 99% of browsers. If you pay the identity verification fee (I think about $50), you can get free WILDCARD certificates!
Are SSL certificates internationally recognized? In other words, if I have users coming from both the US as well as a variety of other nations, will SSL certificates be recognized regardless of the user's origin, or is there such a thing as an international SSL certificate?
(Disclaimer: I don't know what I'm talking about) You might want to try DigiCert: I researched a few different providers earlier this year, and DigiCert seemed to be cheap and trusted. No direct experience with them, tho.
my next HTTPS cert will be from DynaDot since I liked how they run their DNS registrar service (with optional API, yeah!) and generally got a "smart" vibe from them. I've gotten certs from VeriSign and generally found it surprisingly expensive, complex and slow. Fundamentally, a file needs to be generated. Generating that file should be pretty fast on a modern computer, and a commodity service. Yes there's some extra stuff potentially involved. But at it's core it should be a pretty simple and fast and therefore cheap process. IMO.
<a href="https://www.geocerts.com" rel="nofollow">https://www.geocerts.com</a><p>Fast provisioning and a simple-to-use interface. I've bought many certs from them and am very satisfied.
I got a free 3 month certificate from Comodo and then I used a promotional offer from RapidSSL for Comodo customers to get a free 1 year cert (in addition to 3 months). Result: free 15 month certificate.