Menu
What's new
By:
Filters

Free SSL for everyone...

petermeadit

petermeadit

Top Contributor
FirstPageResults said:
The Electronic Frontier Foundation has recently announced a collaboration with Cisco, Akamai, Mozilla and several other organisations to create a non-profit organisation with the purpose of making SSL free and easy to implement.

Their goal is to create a completely encrypted web.

https://www.eff.org/deeplinks/2014/11/certificate-authority-encrypt-entire-web
https://letsencrypt.org/
Click to expand...

Encrypt the entire Web, that sounds very ambitious. Would be nice to get free SSL though.
 
nt81

nt81

Top Contributor
Actually, SSL installs are very easy on large websites - If you have a dedicated IP already.

Most days of the week, I install a Geotrust RapidSSL certificate (basic) for our clients and I can be done in under 5 minutes from go to whoa if I have my game face on.

Easy... Until you get to Extended validation. I did a Geotrust TrueBusiness + EV SSL cert for a customer last week. By the time we jumped through all the hoops it took exactly a week from start to finish from generating the SSL cert request through to installing it. Some of that may have been delayed by a few sick days on my behalf though. They reckon about 48 hours is the average. I was impressed. Geotrust were great as we were installing it on behalf of our client.

I've discussed this Free SSL thing with the guys at work, and we're all for free SSL certificates. A lot of webservers / shared hosting will need some modifications to allow multiple SSL certs on "shared" IP's but it is doable.

I also like that Google is pushing this, one of their few "good" ideas.

It will obviously devalue some of the entry level SSL certs but the higher level ones will be safe I think. Especially for people selling stuff via eCommerce and taking payments by CC over payment gateways etc, I don't think a "Free" SSL cert is going to be adequate for that kind of affair.

But still, golf clap to the EFF.
 
C

Cooper Mills DomainLawyer

Top Contributor
FirstPageResults

FirstPageResults

Top Contributor
nt81 said:
Actually, SSL installs are very easy on large websites - If you have a dedicated IP already.
Click to expand...

Sure, dedicated IP sounds straight forward. Most web develops should be able to do that inside 20 mins.

To clarify when I say large I'm talking about high performance sites at scale. As in hosting infastructure that needs to be custom built with dozens/hundreds of app servers, multiple static and console servers and who knows what else (f5 etc). I'm don't profess to know anything about setting that up, but the guys that do tell me its not easy to just turn SSL on site wide.
 
nt81

nt81

Top Contributor
OK, I get what you're saying now.

Sadly that would be a legacy of bad coding or lack of using a proper framework on existing large sites.

Regardless, most businesses with that kind of an issue (and cash) would likely have an SSL certificate already, and have some developers working on ensuring that nothing gets broken when they redirect it to https://

If not, they have dinosaur systems that need to be written from scratch again.
 
FirstPageResults

FirstPageResults

Top Contributor
nt81 said:
OK, I get what you're saying now.

Sadly that would be a legacy of bad coding or lack of using a proper framework on existing large sites.

Regardless, most businesses with that kind of an issue (and cash) would likely have an SSL certificate already, and have some developers working on ensuring that nothing gets broken when they redirect it to https://

If not, they have dinosaur systems that need to be written from scratch again.
Click to expand...

You misunderstand me, or perhaps I didn't make it clear enough. What I'm saying has nothing to do with coding standards or even performance.

I'm commenting on the move to switch the whole web to HTTPS.

Websites that handle millions of pageviews and transactions worldwide have complex hosting needs. To put it in perspective an online store that a top retailer like Nike runs in Australia is tiny in comparison, but still a decent account.

Yes there is already SSL in place in places for these sites, but you can't just change a config setting and redirect all pages on these types of sites. There are all types of issues to consider.

I'm fortunate enough to sit in meetings with arguably some of the most talented network engineers in the country. As I said I don't profess to know about these things, in fact my eyes glaze over most of the time.. but I do know how to write good code for web applications and it has nothing to do with that.

In this instance, to switch the whole site to a wild card SSL is a significant amount of work for everyone involved and there are many stake holders (network providers, hosting partner, web and app development teams, QA etc). The change also carries significant risk for the organisation.

So even with good resources the commerical reality of the situation means that we need to plan for it months ahead. I am sure we are not alone

So my point is it's not so easy for large websites to switch over to 100% secure. If it was we'd have done it already.

----

Back to the topic at hand. I agree that these certs won't replace the need for existing ones, but will go along way towards removing the use of self signed certs and help secure sites that are currently unsecure.

Considering the scale of meta data mining that's currently going on I'm all for it.
 
You must log in or register to reply here.

Community sponsors

Domain Parking Manager

AddMe Reputation Management

Digital Marketing Experts

Catch Expired Domains

Web Hosting

Members online

Total: 194 (members: 1, guests: 193)

Forum statistics

Threads
11,101
Messages
92,056
Members
2,394
Latest member
Spacemo

Latest posts

Share this page

Top