Log in

No account? Create an account
SSL CAs - brad's life — LiveJournal [entries|archive|friends|userinfo]
Brad Fitzpatrick

[ website | bradfitz.com ]
[ userinfo | livejournal userinfo ]
[ archive | journal archive ]

SSL CAs [Oct. 9th, 2003|03:02 pm]
Brad Fitzpatrick
Can anybody give me info (or a URL) on what SSL CAs are recognized by what browsers/versions?

LJ's cert is soon expiring, and the debate is between staying with Comodo (which isn't recognized by Mac IE 5.1... who cares?) or using somebody else.

Unfortunately, Verisign and thus Thawte are evil, and I don't want to give those pigfuckers any more money.

What's the cool crowd using nowadays? (Self-signed is not an option.)

[User Picture]From: davidfrey
2003-10-09 03:00 pm (UTC)
If you don't like the Verisign superpower - I'd stick with Comodo. I did a bunch of research for clients at the beginning of the year and they had the best browser integration of all the cheaper outfits. Incidentally, I bought mine from instantssl.com just because of price. Thawte/Verisign still seem to have the largest infiltration of root certificates in browsers accross the board.
(Reply) (Thread)
[User Picture]From: scsi
2003-10-09 03:04 pm (UTC)
How about geotrust? Thats who we use at my work.
(Reply) (Thread)
[User Picture]From: supersat
2003-10-09 03:14 pm (UTC)
Consumer.net/Tucows OpenSRS provides cheap GeoTrust SSL certs. I use them for domain name registration and they seem about as far away from evil as possible. Don't know about browser compatibility, though.
(Reply) (Parent) (Thread)
[User Picture]From: chris
2003-10-09 03:41 pm (UTC)
yeah, my last employer switched everything over to geotrust.
(Reply) (Parent) (Thread)
[User Picture]From: stephenbooth_uk
2003-10-09 03:07 pm (UTC)
Where I work we use Ignite (part of British Telecom) and have not had any problems with them. I've tested the site using IE 5 through 6, Mozilla 1.1 through 1.4, Konquorer (the version that comes with the KDE in SuSE Linux 8.1 and 8.2) and Galeon (the version that comes with Ximian Desktop 2); none of them have complained.
(Reply) (Thread)
From: justgags
2003-10-09 03:12 pm (UTC)
whats the need for having a certificate?
(Reply) (Thread)
[User Picture]From: starblazr
2003-10-09 04:42 pm (UTC)
um, ordering a pay account?
(Reply) (Parent) (Thread)
[User Picture]From: davidfrey
2003-10-09 03:24 pm (UTC)
Perhaps this site can provide some additional background information for you.
(Reply) (Thread)
[User Picture]From: nolegs
2003-10-09 04:32 pm (UTC)

Cool kids.

Ketamine and machetes.
(Reply) (Thread)
[User Picture]From: octal
2003-10-10 09:14 am (UTC)
I'd say geotrust; I'd be happy to pass one on from opensrs at cost, or in exchange for lj services :)
(Reply) (Thread)
[User Picture]From: krow
2003-10-10 11:37 am (UTC)
Look at Slashdot's and Sourceforge's. I know that Uriah did the "politically correct" thing when he got those.
(Reply) (Thread)
[User Picture]From: jesse
2003-10-11 07:31 pm (UTC)

Trust Geo. Trust.

GeoTrust is definitely a winner in my book. We've been using it on one of our sites for about 6 months now and haven't had a single complaint. I'll definitely be canning Thwate (if that's what you want to call it) once our other certs expire. And, I found the signup process with GeoTrust extremely gratifying and easy (I had the certificate 10 minutes after I visited their website). Good stuff indeed.
(Reply) (Thread)