Least expensive wildcard cert?
- 
 @Grey this is one of the places where a purchased SSL (wildcard or just a few SANS) still makes sense. Let's Encrypt is continually improving, but a place with many internal systems wanting to use a 3rd part CA cert is still a use case for a purchased wildcard cert. 
- 
 I used ssls.com to but a regular certificate and it was crazy cheap, $5. Their cheapest wildcard looks like it is $85. 
- 
 @BRRABill said in Least expensive wildcard cert?: I used ssls.com to but a regular certificate and it was crazy cheap, $5. Their cheapest wildcard looks like it is $85. Thanks. Sent this up the chain! Let's see how things go.  
- 
 @Grey said in Least expensive wildcard cert?: @BRRABill said in Least expensive wildcard cert?: I used ssls.com to but a regular certificate and it was crazy cheap, $5. Their cheapest wildcard looks like it is $85. Thanks. Sent this up the chain! Let's see how things go.  I had absolutely no problems with them. In fact, I was pissed at myself I had been paying so damn much! 
- 
 @BRRABill said in Least expensive wildcard cert?: @Grey said in Least expensive wildcard cert?: @BRRABill said in Least expensive wildcard cert?: I used ssls.com to but a regular certificate and it was crazy cheap, $5. Their cheapest wildcard looks like it is $85. Thanks. Sent this up the chain! Let's see how things go.  I had absolutely no problems with them. In fact, I was pissed at myself I had been paying so damn much! That's a good way to describe my boss' face. He kept asking why there was such a price difference between this and Symantec's certs since that's what the org has been using for many, many years. That led to discussions of root auth and key length, but in the end I kinda just shrugged and said that the certs were no different. 
  
- 
 StartSSL.com "was" great for stuff like this till they went & messed it all up! 
- 
 @FATeknollogee said in Least expensive wildcard cert?: StartSSL.com "was" great for stuff like this till they went & messed it all up! And made it quite clear they didn't care that they messed it all up. That software developers will make mistakes is a given, that they quickly fix mistakes is what I want to see. 
- 
 @Grey said in Least expensive wildcard cert?: @BRRABill said in Least expensive wildcard cert?: @Grey said in Least expensive wildcard cert?: @BRRABill said in Least expensive wildcard cert?: I used ssls.com to but a regular certificate and it was crazy cheap, $5. Their cheapest wildcard looks like it is $85. Thanks. Sent this up the chain! Let's see how things go.  I had absolutely no problems with them. In fact, I was pissed at myself I had been paying so damn much! That's a good way to describe my boss' face. He kept asking why there was such a price difference between this and Symantec's certs since that's what the org has been using for many, many years. That led to discussions of root auth and key length, but in the end I kinda just shrugged and said that the certs were no different. 
  Easy answer - all free and cheap products have an overpriced equivalent to take advantage of suckers. The very fact that people ask "well why does it cost so much" proves the value of simply overcharching to get their money. 
- 
 @Grey said in Least expensive wildcard cert?: @BRRABill said in Least expensive wildcard cert?: @Grey said in Least expensive wildcard cert?: @BRRABill said in Least expensive wildcard cert?: I used ssls.com to but a regular certificate and it was crazy cheap, $5. Their cheapest wildcard looks like it is $85. Thanks. Sent this up the chain! Let's see how things go.  I had absolutely no problems with them. In fact, I was pissed at myself I had been paying so damn much! That's a good way to describe my boss' face. He kept asking why there was such a price difference between this and Symantec's certs since that's what the org has been using for many, many years. That led to discussions of root auth and key length, but in the end I kinda just shrugged and said that the certs were no different. 
  Easy answer - all free and cheap products have an overpriced equivalent to take advantage of suckers. The very fact that people ask "well why does it cost so much" proves the value of simply overcharching to get their money. If the answer isn't obvious - because people want to spend a lot - then it's obvious why such a trick works. 
- 
 StartSSL 
 StartSSL Identity Validation is the cheapest one that offers wildcards. Identity Validation is the cheapest one that offers wildcards.
- 
 @black3dynamite said in Least expensive wildcard cert?: StartSSL 
 StartSSL Identity Validation is the cheapest one that offers wildcards. Identity Validation is the cheapest one that offers wildcards.They're a never use now tho, any new certificates they issue will not be accepted by any major web browser. 
- 
 StartCom is actually most likely still a decent service, but they were bought by WoSign who got in trouble for something or another. I do not recall the details of that. Because a CA has to be completely trustworthy, and the WoSign purchase was secret, boom no more StartCom certs.  
- 
 They got caught backdating certs & doing some other funky stuff. 
 https://blog.mozilla.org/security/2016/10/24/distrusting-new-wosign-and-startcom-certificates/
 https://www.theregister.co.uk/2016/10/10/heads_roll_as_qihoo_360_moves_to_end_wosign_startcom_certificate_row/
- 
 @FATeknollogee said in Least expensive wildcard cert?: They got caught backdating certs & doing some other funky stuff. 
 https://blog.mozilla.org/security/2016/10/24/distrusting-new-wosign-and-startcom-certificates/
 https://www.theregister.co.uk/2016/10/10/heads_roll_as_qihoo_360_moves_to_end_wosign_startcom_certificate_row/To my understanding, it was WoSign that did this stuff, not StartCom. WoSign then secretly bought StartCom. That is the part that killed StartCom. 
- 
 ^ Yes, that is correct, not StartCom ^ Question is will StartCom (+ WoSign) ever recover since they have not yet claimed that they are dead or out of business! 
- 
 @FATeknollogee said in Least expensive wildcard cert?: ^ Yes, that is correct, not StartCom ^ Question is will StartCom (+ WoSign) ever recover since they have not yet claimed that they are dead or out of business! Lenovo is doing well selling to people who can't remember the biggest news in IT security ever, even thought it is recent, and that is far worse. So I imagine that the average shop will just ignore the security problems here and keep giving them money. 
- 
 I was looking at a cell phone the other day and saw Lenovo. I closed the page and washed my eyes out with soapy water. 
- 
 @scottalanmiller said in Least expensive wildcard cert?: Lenovo is doing well selling to people who can't remember the biggest news in IT security ever, even thought it is recent, and that is far worse. So I imagine that the average shop will just ignore the security problems here and keep giving them money. True, but the browser folks (Mozilla, Google, Apple & Msft) will have more influence on whether or not they stay alive. 
 What can they do if no browser's will trust their certs?
- 
 @FATeknollogee said in Least expensive wildcard cert?: @scottalanmiller said in Least expensive wildcard cert?: Lenovo is doing well selling to people who can't remember the biggest news in IT security ever, even thought it is recent, and that is far worse. So I imagine that the average shop will just ignore the security problems here and keep giving them money. True, but the browser folks (Mozilla, Google, Apple & Msft) will have more influence on whether or not they stay alive. 
 What can they do if no browser's will trust their certs?Maybe, we will see. 
- 
 @scottalanmiller said in Least expensive wildcard cert?: @FATeknollogee said in Least expensive wildcard cert?: @scottalanmiller said in Least expensive wildcard cert?: Lenovo is doing well selling to people who can't remember the biggest news in IT security ever, even thought it is recent, and that is far worse. So I imagine that the average shop will just ignore the security problems here and keep giving them money. True, but the browser folks (Mozilla, Google, Apple & Msft) will have more influence on whether or not they stay alive. 
 What can they do if no browser's will trust their certs?Maybe, we will see. Only 2 browsers are not trusting them right now though. Here is the image I posted above. 
  







