Free SSL Certificate Project
An anonymous reader writes "Do you have a website or even run a web server and want to secure the traffic between your visitors' browser and the web site? Did you find out that in order to make your site SSL aware, you'll need an SSL (Secure Sockets Layer) certificate? Are you also surprised to find out that such a certificate can cost you up to a few hundred dollars, valid for one year only? For what, you might ask yourself? Linuxlookup.com is running a small article on free SSL certificates."
Anyone CAN get one! All you have to do is pay X amount of money.
Besides, do you really trust people such as Verisign to actively control certs?
Like being able to self-issue a certificate is new? Used some random tool that came with MS Office to do it last time I had a use for one; of course that was Office 2K or thereabouts, but it's probably still there, and there are probably a lot of other ways to self-issue one. The entire point of the big expensive ones is that you have a "trusted" authority validating the transaction.
1. Getting an SSL certificate can require that you fax a copy of your articles of incorporation, public contact information, etc. Someone ends up doing some legwork to ensure that you are who you say you are and that you can be tracked down in the event that there is a complaint.
2. Virtual hosts often share a single IP among many websites. You can't just authorize a name; SSL requires (from my understanding) a unique IP. That would make the IPv4 system even more strained.
3. Certification pricing is partly based on trust. Anyone can generate a free certificate. But it won't work with every system because it wasn't created by a "trusted provider."
If you can't afford a $200US/year fee for conducting "secure" business online, I probably wouldn't want to do business with you anyway.
Well, the point of SSL is to encrypt communications. But the point of a signed certificate is to prevent impersonation. If a trusted authority allows anyone to get a certificate for any domain name, then it becomes easy to impersonate someone's site.
I'm not sure what the point of this is, if the browsers don't have these folks listed as trusted authorities. You can already sign your own certificate and get the same effect. But if you are asking your customers/users to accept a certificate that is not signed by a trusted authority, you are leaving yourself open to being impersonated.
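Added example, not part of the original thread: the trust distinction the last two comments draw, reproduced with the `openssl` command line. The names `Demo Root CA` and `shop.example` and the helper functions are constructed for illustration, and the script assumes a stock OpenSSL configuration in which `req -x509` marks the certificate as a CA.

```bash
#!/usr/bin/env bash
# Constructed demo: a private CA, a site cert it signed, and a self-signed
# certificate that claims the same site name.

make_certs() {
  local d=$1
  # Root CA certificate: stands in for an authority the browser already trusts.
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo Root CA" \
    -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null || return 1
  # The real site: key + signing request, then the CA issues the certificate.
  openssl req -newkey rsa:2048 -nodes -subj "/CN=shop.example" \
    -keyout "$d/site.key" -out "$d/site.csr" 2>/dev/null || return 1
  openssl x509 -req -in "$d/site.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
    -CAcreateserial -days 1 -out "$d/site.pem" 2>/dev/null || return 1
  # Same subject name, but signed only by its own key (anyone can make this).
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=shop.example" \
    -keyout "$d/fake.key" -out "$d/fake.pem" 2>/dev/null || return 1
}

# Succeeds only if certificate $2 chains to the trust anchor file $1.
chains_to() {
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

report() {
  if chains_to "$1" "$2"; then echo "accepted: $3"; else echo "rejected: $3"; fi
}

demo() {
  local d
  d=$(mktemp -d) || return 1
  make_certs "$d" || { echo "openssl failed"; rm -rf "$d"; return 1; }
  report "$d/ca.pem"   "$d/site.pem" "CA-signed cert against the trusted CA"
  report "$d/ca.pem"   "$d/fake.pem" "self-signed look-alike against the trusted CA"
  # Clicking through a warning amounts to trusting whatever was presented:
  report "$d/fake.pem" "$d/fake.pem" "self-signed look-alike once manually trusted"
  rm -rf "$d"
}

demo
```

Both certificates encrypt traffic equally well; only the chain check tells the two `shop.example` certificates apart, and it stops doing so once the unsigned one is accepted by hand.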