Cheap SSL

skavenger0 · 2014-01-08T14:16:09.000Z

Has anyone actually used any of these budget SSL certs such as the site below?

123 Reg

123 Reg - SSL Certificates | Buy an SSL to Secure your Website – 33% off

Purchase an SSL Certificate to reassure visitors your website is secure. Our SSL Certificates are compatible with all browsers and can work on any website.

www.cheapssls.com/£3.09‎

I know all about the limitations of the technology I just want to know if the site is legitimate from someone who gave them a go.

I have a site that is just a computer gaming forum but I want to encrypt the login details so it doesn’t need to be anything special and there will be no personal information or financial records ever in use.

Rivitir · 2014-01-08T14:17:00.000Z

Its an SSL cert. Buy one from a trusted seller.

skavenger0 · 2014-01-08T14:21:35.000Z

That doesn’t really answer the question as the sites above allegedly sell Commodo certs which is a trusted seller.

End of the day the cert is never passed back to its provider for the encryption handshake, for the level I need I just don’t want a cert error to popup.

mxtj · 2014-01-08T14:24:55.000Z

i have used 123-reg and comodo before but not together but it doesnt matter. once you purchase SSL, you are dealing with comodo , not 123.

even though i am based in london, i purchase most of my SSLs from namecheap.com who has a lot cheap SSL offers.

Rivitir · 2014-01-08T14:25:30.000Z

skavenger0:

That doesn’t really answer the question as the sites above allegedly sell Commodo certs which is a trusted seller.
…

Allegedly. Exactly my point. Its always good to ask since you never know. But…

skavenger0:

…End of the day the cert is never passed back to its provider for the encryption handshake, for the level I need I just don’t want a cert error to popup.

Be careful with sites like these that say they sell something cheap. An SSL cert is not something you want to buy anywhere. End of the day you want to ensure it is a trusted cert. Otherwise you are compromising yourself. Which is my point.

skavenger0 · 2014-01-08T14:34:41.000Z

At this point I would be more concerned over my payment details than the end product. Its not difficult to verify the cert is genuine once you have a copy of it before putting it live.

From the statement above you’re not far off claiming that Self Signed certificates are just as compromised yet when used in a valid manner are just as safe it all comes down to how much do you trust the site or service you are connecting to.

skavenger0 · 2014-01-08T14:40:07.000Z

@mxtj

Ye, I’ve noticed namecheap.com aswel, they have alot more information about them online and there are several large reputable sites and reports on them.

skavenger0 · 2014-01-08T14:41:52.000Z

I’d just like to point out that if I would never even consider these sites if it was for work or a sites taking payment details. (Just in case anyone reads this thread thinking cheap sites are safe. That isn’t my argument.

sanjaysingh1243 · 2014-01-08T17:20:16.000Z

i use godaddy for SSL certs.

however startssl does provide you with free SSL certs…with some restrictions

i’ve used them when needing ssl certs for lab setups

servermonkey8064 · 2014-01-08T18:22:29.000Z

123-reg are 100% legitimate they’re a huge domain name company.

Namecheap would also be a good bet, we’ve used them lots before and again they’re huge.

josh7948 · 2014-01-09T13:53:25.000Z

I have used www.cheapssls.com and it worked very well. No problems with payments or my cert. I ended up with a 5 year comodo cert from them. Once you purchase from them, the cert comes from Comodo so they’re just a reseller.

jwarner · 2014-01-09T16:12:12.000Z

I use GoDaddy.

acald1481 · 2014-01-09T19:27:16.000Z

didn’t comodo just have problems with one of their root certs being stolen or something???

servermonkey8064 · 2014-01-09T19:31:07.000Z

acald:

didn’t comodo just have problems with one of their root certs being stolen or something???

IIRC it wasn’t Comodo that had a problem it was that one of their partners got hacked so the hacker could issue certs.

In this day and age it’s not something I’d factor into the purchasing decision tbh.

greg-collective-software · 2014-01-11T19:03:03.000Z

(All the following is just my opinion, and maybe even straying a bit off topic)

I’d put my SSL needs into one of two buckets:

Site needs to be “serious”/business-y in some fashion: get a reputable Extended Validation cert from a reasonably priced vendor whose root is trusted in all browsers.
Just a normal site. Get a free cert at StartSSL . Their business model is that they charge money based on the amount of effort they have to spend to verify and issue a cert. So the free version is free because it’s all automated and they don’t have to spend any human effort to verify you.

Basically, it’s darn near inexcusable for a site to be non-SSL these days (I’m looking at you, SpiceWorks). Certs are priced from cheap to free, and modern TLS configurations drastically reduce the old problem of expensive connection setup.

It bugs me that I still have to use services that are not SSL all the time. What is this 2004?

skavenger0 · 2014-01-13T07:37:36.000Z

@Greg that was my thoughts exactly. I just want to be able to encrypt my entire non-business site completely without having Cert errors from a self signed.

greg-collective-software · 2014-01-13T07:38:40.000Z

Oh in that case you really want StartSSL. It is trusted in browsers and you can’t beat free