Educause Security Discussion mailing list archives

Re: Certificate vendors


From: Martin Manjak <mm376 () ALBANY EDU>
Date: Fri, 14 Jan 2011 11:35:44 -0500

I agree with Derek's comments.

I will also say that we have been using StartSSL certificates for about
a year. They have a fairly rigorous verification process that you pay a
reasonable fee for. If you want domain vs. personal level verification,
you pay for that as well, again at a very reasonable amount.

Then, you can issue certificates to your heart's content. We've even
used them to sign some code.

There are issues with certain mobile devices. I don't know that I would
recommend them for large, high-profile, public-facing pages that get a
wide variety of user agents/hardware.

But, they are great for internal use and I believe our VPN ASA is using
one of their certs.

They have been responsive and helpful when we've experienced
difficulties, or needed them to modify some aspects of our business
records with them.

Overall, we've been very pleased with their products and service.

Marty

On 1/14/2011 10:45 AM, Tonkin, Derek K. wrote:
Kurt,

 

Not to be rude but I don’t think you can expect this to be taken
seriously if you

A) Don’t send it from a verifiable address (Hawaiiguy () gmail com?!?)

B) Don’t at least provide some verifiable information in your
signature like the school or company that you are “affiliated with”

 

-------------Baylor University-------------

Derek Tonkin

Information Security Analyst

Information Technology Services - Security

derek_tonkin () baylor edu        254-710-7061

---------------Sic 'em Bears---------------

 

*From:* The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] *On Behalf Of* Kurt Lewis
*Sent:* Friday, January 14, 2011 9:21 AM
*To:* SECURITY () LISTSERV EDUCAUSE EDU
*Subject:* Re: [SECURITY] Certificate vendors

 

We started using StartSSL about two years ago (www.startssl.com) - get
this, their regular 128-bit SSL certs are FREE.  They have EV certs for
about 1/3 the price of VeriSign, Comodo, GlobalSign, etc.  - Service is
top notch and their products are as good as any other.  I know, sounds
too good to be true right? Please go have a look for yourself - I am in
no way affiliated with them, we were using Comodo before. Send them an
email and ask some questions, I think you'll be impressed with their
responses and level of knowledge. We're using their EV certs on our
production-facing sites and their regular SSL certs for a ton of other
things. I've seen absolutely no difference with their certs vs. anyone
else's, other than we've saved a ton of money and received a better
level of customer service.

-Kurt


-- 
Martin Manjak
Information Security Officer
University at Albany
CISSP, GSEC, GCWN

"What information consumes...is the attention of its recipients."
Herbert Simon, 1971

