22 comments

[ 3.1 ms ] story [ 62.1 ms ] thread
Maybe I don't understand enough about SSL certificates, but I am hesitant to buy a critical piece of site infrastructure from someones side project. Am I being overly cautious?
They are Comodo certificates and are issued by Comodo CA. We can offer lower prices (yes, even lower than Comodo themselves) because we are a small team and we can put smaller margins.

Also we believe in friendly support and no hidden costs or tricks :)

While I agree with you, most vendors give the impression of about as much dependability and trustworthiness (if not less, given their longer-lived but far spammier presentation).
As long as the cert chains back to a root CA that is accepted everywhere, there's really nothing of value to separate the various vendors, except the purchasing price.

Unfortunately, ssl is a game where bad CAs ruin it for everyone, not just their customers: It does not matter for an attacker where they got a bogus certificate as long as it is considered valid, and there's little you can do to protect against it, certainly not by paying more or spending more effort on validation of your own cert. ("EV" (which is what the CAs really should have been doing all this time) and cert pinning comes to mind)

Almost every SSL vendor resells SSL certificates from a few big names, and other than the ordering/paying process and support (if needed) any certificate from Comodo is as good as any other Comodo Cert, no matter who you buy it through.

There are minor differences between providers (like a Godaddy wildcard for .company.com also including company.com as a secondary entry while RapidSSL wildcard does .company.com only and will give a warning if used for http://company.com) but I've never know a user to care unless a certificate warning pops up.

Wasn't Comodo that company whose root certificate was compromised a while ago?
A selection of them were bogus-issued for a dozen or so big-name web domains, yes.
You can get free SSL certs through http://www.startssl.com/. Granted, their website is _horrendous_ to navigate. Also, the certs are encryption only - no real identity verification - so they won't light up your address bar blue or green.
While they are great for hobby projects and personal sites there are some differences. For example, they are not for commercial use: "Class 1 certificates are limited to client and server certificates, whereas the later is restricted in its usage for non-commercial purpose only." via https://www.startssl.com/policy.pdf
If you pay for the class 2 cert from startssl, they do an identity verification. Startssl's, paid cert is still cheaper than this getssl's $70 cert.
You don't pay for class 2 certs from startssl. You pay for class 2 validation. After validation you can generate an unlimited number of class 2 certs at no cost including wildcard certs. Validation is cheaper than a single premium cert from getssl.

Startssl does charge per cert for EV certs. The first cert is $199.90 and subsequent are $49.90. A bargain compared to most ssl cert providers.

StartSSL also lets you use subjectAltName to have multiple domains on one cert so that you can host multiple domains off of a single IP.
congrats on launching! but it seems like a toy since you have a page like https://getssl.me/en/csr that actively encourages the bad practice of letting a third-party see your private key.
I don't see anything interesting here. You resell Comodo SSL certs. You made a website to sell them. Nothing unique about that.
As other posters pointed out, there are obviously competitors in the space (as I'm sure you were already aware).

In my experience, buying SSL certs can be a little confusing since there are so many providers and different types of certs. I did the research to figure out what product I needed, but I can imagine a sizable niche of customers who just want someone to tell them what they need.

OK, my apologies to the OP, but how on earth does this stuff get to the front page? Is there an HN upvoting bot floating around?
Same here. I wish there were at least some kind of valuable information somewhere included.

For example how OP is (planing to) promote such a completely generic, replaceable product with a gazillion competitors and no way to differentiate the product. Except of cause with the HN upvoting bot :)

$6.95/year is hardly cheap these days. You can get the same for $3.95/year at gogetssl.com, or $1.99/year on namecheap.com during promotions.
This isn't very unique, and your pricing <isn't> the cheapest.

Namecheap: $1.99 for for their SSL with another product, right? Use coupon code WGSPECIAL and you'll get a whoisguard in your cart for $.99 and you can add another product (SSL cert) = winning. No, you don't need to add any domain name. Total is around $3.