Yes, can only second that. Absolutely painless. Generally, I'm very pleased with how easy SSLmate makes it to get HTTPS up and running for your domains.
Now that the SHA-2 transition is finished, EV certs are next. (Because of the transition, there was some uncertainty about where we'd be sourcing our certs moving forward, which blocked progress on EV certs.)
I went through your FAQ but could not determine if the wildcard certs have any restrictions. Can one cert be used on several haproxy (or whatever) instances or are additional licences required? And do open source projects get any discounts?
You can install a cert (wildcard or non-wildcard) on any number of servers, haproxy instances, etc.
There aren't any discounts for open source projects at the moment, but it's something I'll consider. GlobalSign does give away free certs to open source projects (https://www.globalsign.com/ssl/ssl-open-source/), though you wouldn't be able to use any of SSLMate's tools or automation with one of their certs.
Now? They've been recommended for years. Do we have to actually forcibly sunset things with dire warnings to drive upgrades? (Semi-rhetorical. Not very much of this is your fault. <g>)
Wake me when you have ECDSA-secp256r1-SHA256, ECDSA-secp384r1-SHA384, or (when specified) whatever replaces/updates them.
Part of the problem is that certificates are valid for too long and it's too damn hard for website operators to upgrade their certs when something better comes along. That's what SSLMate is hoping to fix.
8 comments
[ 2.9 ms ] story [ 34.3 ms ] threadThere aren't any discounts for open source projects at the moment, but it's something I'll consider. GlobalSign does give away free certs to open source projects (https://www.globalsign.com/ssl/ssl-open-source/), though you wouldn't be able to use any of SSLMate's tools or automation with one of their certs.
Wake me when you have ECDSA-secp256r1-SHA256, ECDSA-secp384r1-SHA384, or (when specified) whatever replaces/updates them.
Part of the problem is that certificates are valid for too long and it's too damn hard for website operators to upgrade their certs when something better comes along. That's what SSLMate is hoping to fix.