Thursday, November 6, 2014

StartSSL - Can a free SSL cert be trusted?

During the course of renewing my SSL certs for another term, I happened upon an advertisement for a company called StartSSL who offers free SSL certificates.  My curiosity got the better of me and I had to click to find out more.

StartSSL offers several products ranging from extremely basic free certificates all the way to extended validation (EV) certs.

One indicator of a Certificate Authority's reputation is whether or not it is included as a trusted authority in major browsers and OS distributions.  According to their web site, StartSSL (also known as StartCom Ltd.) certs are supported by all major browsers and platforms.  Upon checking the default trusted certificate authorities in Chrome, Firefox and a Windows VM, I found that statement to be true.

As to the claim of a free SSL cert, they are quite clear that the offering is a "low assurance" certificate.  I decided to give it a try, and for a completely automated free process, it works quite well.  The only information that is included in the certificate is that which can be verified.  In the case of the free offering, that is either an email address or a domain name.  Once you prove that you control the address or domain, the cert is issued.  One must note that this does not prove identity or ownership of the email address or domain; only control of such.  Based on this premise, "low assurance" adequately describes the product.  This is basically one step above a self-signed certificate as it does require validation, albeit at a very low level.

StartSSL also offers what they refer to as a Class 2 and Class 3 certificate, which requires the validation steps one would expect of any reputable certificate authority.  These certs, as well as the extended validation product, are fairly inexpensive yet still appear to require the same level of documentation that any other cert authority would require for such a certificate.
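The distinction drawn in the two paragraphs above, between a "low assurance" certificate that attests only control of a domain or mailbox and a Class 2/3 certificate that carries validated identity, is something a relying party can read straight out of the certificate subject. The following is an added example, not code from the original post or from StartCom: it takes certificates in the dictionary layout that Python's `ssl.SSLSocket.getpeercert()` returns (the two sample certificates and their issuer names are constructed for illustration) and reports which names were actually verified and whether any identity attributes are present.

```python
import ssl
import socket

# Sample certificates in the layout returned by ssl.SSLSocket.getpeercert().
# Both are constructed for illustration; they are not real issued certificates.
DV_CERT = {
    "subject": ((("commonName", "www.example.com"),),),
    "subjectAltName": (("DNS", "www.example.com"), ("DNS", "example.com")),
    "issuer": ((("organizationName", "Example Free CA"),),
               (("commonName", "Example Class 1 Server CA"),)),
}
OV_CERT = {
    "subject": ((("countryName", "US"),),
                (("organizationName", "Example Corp"),),
                (("commonName", "www.example.com"),)),
    "subjectAltName": (("DNS", "www.example.com"),),
    "issuer": ((("organizationName", "Example CA"),),
               (("commonName", "Example Class 2 Server CA"),)),
}

# Subject attributes that only an organization-validated (or EV) issuance
# process is supposed to fill in; a domain-validated certificate has none.
IDENTITY_FIELDS = {"organizationName", "organizationalUnitName", "localityName",
                   "stateOrProvinceName", "streetAddress", "businessCategory",
                   "jurisdictionCountryName", "serialNumber"}

def subject_fields(cert):
    """Flatten getpeercert()'s nested RDN tuples into a plain dict."""
    return {k: v for rdn in cert.get("subject", ()) for k, v in rdn}

def verified_names(cert):
    """DNS names and e-mail addresses the CA checked control of (SAN first, then CN)."""
    names = [v for kind, v in cert.get("subjectAltName", ()) if kind in ("DNS", "email")]
    cn = subject_fields(cert).get("commonName")
    if cn and cn not in names:
        names.append(cn)
    return names

def assurance_level(cert):
    """Heuristic: 'domain-validated' if the subject carries no identity attributes,
    else 'organization-validated'. EV cannot be told apart this way because it is
    signalled by certificatePolicies OIDs, which getpeercert() does not expose."""
    if IDENTITY_FIELDS & subject_fields(cert).keys():
        return "organization-validated"
    return "domain-validated"

def fetch_peer_cert(host, port=443):
    """Fetch a live server certificate (chain validated against the default trust store)."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()
```

Because `fetch_peer_cert` uses `ssl.create_default_context()`, it will also raise if the issuing CA is absent from the local trust store, which is the browser/OS inclusion check described above done programmatically.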

Based on what I have seen, StartSSL may very well warrant a second look the next time I need to purchase or renew an SSL certificate.
