You can get free SSL certs through http://www.startssl.com/. Granted, their website is _horrendous_ to navigate. Also, the certs are encryption only - no real identity verification - so they won't light up your address bar blue or green.
While they are great for hobby projects and personal sites there are some differences. For example, they are not for commercial use:
"Class 1 certificates are limited to client and server
certificates, whereas the later is restricted in its usage for non-commercial purpose only." via https://www.startssl.com/policy.pdf
Same here. I wish there were at least some kind of valuable information somewhere included.
For example how OP is (planing to) promote such a completely generic, replaceable product with a gazillion competitors and no way to differentiate the product. Except of cause with the HN upvoting bot :)
congrats on launching! but it seems like a toy since you have a page like https://getssl.me/en/csr that actively encourages the bad practice of letting a third-party see your private key.
Maybe I don't understand enough about SSL certificates, but I am hesitant to buy a critical piece of site infrastructure from someones side project. Am I being overly cautious?
As long as the cert chains back to a root CA that is accepted everywhere, there's really nothing of value to separate the various vendors, except the purchasing price.
Unfortunately, ssl is a game where bad CAs ruin it for everyone, not just their customers: It does not matter for an attacker where they got a bogus certificate as long as it is considered valid, and there's little you can do to protect against it, certainly not by paying more or spending more effort on validation of your own cert. ("EV" (which is what the CAs really should have been doing all this time) and cert pinning comes to mind)
Almost every SSL vendor resells SSL certificates from a few big names, and other than the ordering/paying process and support (if needed) any certificate from Comodo is as good as any other Comodo Cert, no matter who you buy it through.
There are minor differences between providers (like a Godaddy wildcard for .company.com also including company.com as a secondary entry while RapidSSL wildcard does .company.com only and will give a warning if used for http://company.com) but I've never know a user to care unless a certificate warning pops up.
While I agree with you, most vendors give the impression of about as much dependability and trustworthiness (if not less, given their longer-lived but far spammier presentation).
They are Comodo certificates and are issued by Comodo CA. We can offer lower prices (yes, even lower than Comodo themselves) because we are a small team and we can put smaller margins.
Also we believe in friendly support and no hidden costs or tricks :)
As other posters pointed out, there are obviously competitors in the space (as I'm sure you were already aware).
In my experience, buying SSL certs can be a little confusing since there are so many providers and different types of certs. I did the research to figure out what product I needed, but I can imagine a sizable niche of customers who just want someone to tell them what they need.
I get my SSL certificates from Namecheap[1]. Here the cheapest ones are $9/yr (they are the same certificates as the OP's cheapest ones) and they're I suppose a well-known domain registrar.
This isn't very unique, and your pricing <isn't> the cheapest.
Namecheap: $1.99 for for their SSL with another product, right? Use coupon code WGSPECIAL and you'll get a whoisguard in your cart for $.99 and you can add another product (SSL cert) = winning. No, you don't need to add any domain name. Total is around $3.
[+] [-] mankyd|13 years ago|reply
[+] [-] glazskunrukitis|13 years ago|reply
[+] [-] mrinterweb|13 years ago|reply
[+] [-] downandout|13 years ago|reply
[+] [-] stfu|13 years ago|reply
For example how OP is (planing to) promote such a completely generic, replaceable product with a gazillion competitors and no way to differentiate the product. Except of cause with the HN upvoting bot :)
[+] [-] glazskunrukitis|13 years ago|reply
[+] [-] bcl|13 years ago|reply
[+] [-] ammmir|13 years ago|reply
[+] [-] FooBarWidget|13 years ago|reply
[+] [-] tekacs|13 years ago|reply
[+] [-] mrmagooey|13 years ago|reply
[+] [-] 0x0|13 years ago|reply
Unfortunately, ssl is a game where bad CAs ruin it for everyone, not just their customers: It does not matter for an attacker where they got a bogus certificate as long as it is considered valid, and there's little you can do to protect against it, certainly not by paying more or spending more effort on validation of your own cert. ("EV" (which is what the CAs really should have been doing all this time) and cert pinning comes to mind)
[+] [-] DrStalker|13 years ago|reply
There are minor differences between providers (like a Godaddy wildcard for .company.com also including company.com as a secondary entry while RapidSSL wildcard does .company.com only and will give a warning if used for http://company.com) but I've never know a user to care unless a certificate warning pops up.
[+] [-] obviouslygreen|13 years ago|reply
[+] [-] glazskunrukitis|13 years ago|reply
Also we believe in friendly support and no hidden costs or tricks :)
[+] [-] kdsudac|13 years ago|reply
In my experience, buying SSL certs can be a little confusing since there are so many providers and different types of certs. I did the research to figure out what product I needed, but I can imagine a sizable niche of customers who just want someone to tell them what they need.
[+] [-] mileswu|13 years ago|reply
[1] https://www.namecheap.com/ssl-certificates/comodo.aspx
[+] [-] joshmn|13 years ago|reply
Namecheap: $1.99 for for their SSL with another product, right? Use coupon code WGSPECIAL and you'll get a whoisguard in your cart for $.99 and you can add another product (SSL cert) = winning. No, you don't need to add any domain name. Total is around $3.
[+] [-] cynix|13 years ago|reply
[+] [-] glazskunrukitis|13 years ago|reply