Free SSL Certificates

[theparrot]

Do you want to offer https but not have to pay the yearly fees?

Do you want still want a certificate that is at least not self signed?

You can get free certificates for https, as well as other things (secure email for example, or digital code signing) at http://cacert.org/

 

[theparrot]

Hmm.. I am a bit suprised no one posted any response to this. I guess this is not the type of thing people are interested in here?

 

[DSL]

How is this free ssl?

 

[peaudecastor]

Welcome to CAcert, the community non-profit Certificate Authority. If you are looking to have your web browser trust our certificates, please install our root certificate.

This is not a trusted root.

 

[theparrot]

How is this free ssl?

How is it not?

 

[Crusader]

How exactly does it work?

 

[theparrot]

This is not a trusted root.

Well, one question to ask is, so? (Though in reality it is an issue.)

Also though, it can be. You just have to install it. That means a click on a link. Even without that being done, it still will encrypt the data when it is used. What it is not is in the default list of roots in IE or Mozilla etc. yet. It is a catch-22, and politics are involved.

First you have to ask yourself what is a 'trusted root' and what makes it trusted? Even what is the purpose of SSL and/or a CA. Did you know at least a couple of years ago you could easily by the root certificates of a number of firms that where already preinstalled in IE and Netscape?

They actually seem to do more to ensure the validity of a named certificate then many for pay places do at times.

some links for thought:


http://www.onlamp.com/pub/wlg/5142
http://www.schneier.com/crypto-gram-0104.html#7
http://bugzilla.mozilla.org/show_bug.cgi?id=215243

I like the idea, had it myself a few years ago, but no time to persue it. I am not sure CAcert is the right org. to pull it off, but I find it interesting none the less.

I think I am going to get a cert. or two from them and see how it goes.

 

[peaudecastor]

Well, one question to ask is, so? (Though in reality it is an issue.)

Also though, it can be. You just have to install it. That means a click on a link. Even without that being done, it still will encrypt the data when it is used. What it is not is in the default list of roots in IE or Mozilla etc. yet. It is a catch-22, and politics are involved.

First you have to ask yourself what is a 'trusted root' and what makes it trusted? Even what is the purpose of SSL and/or a CA. Did you know at least a couple of years ago you could easily by the root certificates of a number of firms that where already preinstalled in IE and Netscape?

They actually seem to do more to ensure the validity of a named certificate then many for pay places do at times.

some links for thought:


http://www.onlamp.com/pub/wlg/5142
http://www.schneier.com/crypto-gram-0104.html#7
http://bugzilla.mozilla.org/show_bug.cgi?id=215243

I like the idea, had it myself a few years ago, but no time to persue it. I am not sure CAcert is the right org. to pull it off, but I find it interesting none the less.

I think I am going to get a cert. or two from them and see how it goes.

I understand what you mean. But the bottom line is that a certificates that request to be installed isnt good enough for me.

Thanks anyway, I may look into it for some of my mail server.

Cheers,

Matt