Ask HN: Where should someone buy a SSL certificate?
There always seems to be talk about some SSL cert service (VeriSign) that has been hacked or gone under. I'm trying to buy my first SSL certificate and there are so many options out there that its hard to know which one, what are the risks? Is any certificate authority okay? Will self signed certs be good enough?
Clearly the issue is the man-in-the-middle attack, which I have a high level understanding of, and makes every CA susceptible to the same attack if they are compromised.. but are there good CA's that people have had experience with? Is it less safe to get a wildcard cert than individual certs for each domain?
Thanks HN
14 comments
[ 3.1 ms ] story [ 32.5 ms ] threadI don't know a good recommendation. I just wanted to clarify that SSL provides no protection in that particular case.
SSL protects you and your users from many other attack vectors, and is important. It wasn't my intention to argue against SSL, just to point out the truth of our modern day situation.
For public consumption, no. For anything internal, yes.
All you need is for your domain to show up with the little special icon in the browser when you use https. Other than that, it doesn't matter. Get the cheapest one that browsers recognize.
Their due diligence on verifying who is requesting the cert probably helped; but I've seen some people complain that it's not a quick/easy process: http://danconnor.com/post/50f65364a0fd5fd1f7000001/avoid_sta...