Solved

Cheap SSL Certificates

Posted on 2016-11-04
Last Modified: 2016-11-04
I'm running a vulnerability scanner on my network and am realizing just how many things are running self-signed certs. Things such as internally facing web apps, laser printers, switches, etc. I really don't see a large security risk here as they are internally facing but would like to clear these vulnerabilities off my report so when I take it to the execs they don't see them. Does anyone have a lead on cheap certificates? I don't want to pay a lot since I really don't want to apply them in the first place.
Question by:bsjj2727
3 Comments
 
LVL 61

Expert Comment

by:btan
ID: 41874352
You can check out CACert
You must be able to confirm that you are the owner (or authorized administrator) of the domain by responding to a 'ping' email sent to either the email address

Certificates expire in 6 months for unassured accounts; 24 months for assured accounts.
http://www.cacert.org/
http://wiki.cacert.org/FAQ/ServerCerts?action=show&redirect=ServerCerts

Or Let's Encrypt
Does Let’s Encrypt issue certificates for anything other than SSL/TLS for websites?

Let’s Encrypt certificates are standard Domain Validation certificates, so you can use them for any server that uses a domain name, like web servers, mail servers, FTP servers, and many more.

Email encryption and code signing require a different type of certificate that Let’s Encrypt does not issue.

What is the lifetime for Let’s Encrypt certificates? For how long are they valid?

Our certificates are valid for 90 days. There is no way to adjust this, there are no exceptions. We recommend automatically renewing your certificates every 60 days.
https://letsencrypt.org/getting-started/
https://letsencrypt.org/docs/faq/
1
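A way to triage the scanner findings discussed in this thread, as an added example that is not from any of the posters: it reads issuer, subject and validity from a DER certificate, flags issuer == subject (what scanners report as self-signed), and computes a renewal date at two-thirds of the lifetime, which is day 60 of a 90-day Let's Encrypt certificate. The function names, the two-thirds rule for other lifetimes and the sample certificate builder are assumptions made for illustration.

```python
from datetime import datetime, timezone

def tlv(buf, pos):
    """Read one DER element at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, pos, pos + length

def der_time(tag, raw):
    """Decode UTCTime (0x17) or GeneralizedTime (0x18) in the Z form certificates use."""
    text = raw.decode("ascii")
    if tag == 0x17:                         # RFC 5280: YY >= 50 is 19YY, otherwise 20YY
        text = ("19" if int(text[:2]) >= 50 else "20") + text
    return datetime.strptime(text, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)

def triage(der, now):
    """Classify one DER certificate: issuer == subject, expiry, and renewal date."""
    _, p, _ = tlv(der, 0)                   # Certificate SEQUENCE
    _, p, _ = tlv(der, p)                   # tbsCertificate SEQUENCE
    tag, _, end = tlv(der, p)
    if tag == 0xA0:                         # optional [0] version, absent in v1
        _, _, end = tlv(der, end)           # serialNumber
    _, _, p = tlv(der, end)                 # signature AlgorithmIdentifier
    _, _, end = tlv(der, p)
    issuer = der[p:end]                     # raw Name, header included
    _, v, p = tlv(der, end)                 # validity: notBefore, notAfter
    _, _, end = tlv(der, p)
    subject = der[p:end]
    t, a, b = tlv(der, v)
    not_before = der_time(t, der[a:b])
    t, a, b = tlv(der, b)
    not_after = der_time(t, der[a:b])
    renew_at = not_before + (not_after - not_before) * 2 / 3   # day 60 of a 90-day cert
    return {"self_issued": issuer == subject, "expired": now > not_after,
            "renew_at": renew_at, "renew_due": now >= renew_at}

def enc(tag, body):   # short-form DER encoder (< 128 bytes), for the constructed sample only
    return bytes([tag, len(body)]) + body

def sample_cert(issuer_cn, subject_cn, not_before, not_after):
    """Constructed, certificate-shaped DER with no key or real signature."""
    name = lambda cn: enc(0x30, enc(0x31, enc(0x30, enc(0x06, b"\x55\x04\x03") + enc(0x0C, cn))))
    validity = enc(0x30, enc(0x17, not_before) + enc(0x17, not_after))
    tbs = enc(0xA0, enc(0x02, b"\x02")) + enc(0x02, b"\x01") + enc(0x30, b"") \
        + name(issuer_cn) + validity + name(subject_cn)
    return enc(0x30, enc(0x30, tbs) + enc(0x30, b"") + enc(0x03, b"\x00"))
```

On a live host, `ssl.PEM_cert_to_DER_cert(ssl.get_server_certificate((host, 443)))` yields the DER bytes to pass to `triage`. Matching issuer and subject is a heuristic and does not verify the certificate's signature.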
 
LVL 23

Accepted Solution

by:
Dr. Klahn earned 500 total points
ID: 41874357
Certificates in general are worth what you pay for them.

There are companies outside the U.S. that issue SSL certificates at less than half the price of a reputable U.S. company.  Those certificates are worthless if the issuer is selling your key out the back door to the Russians or any hacker that comes along, without fear of reprisal from the local law enforcement authorities.

They're also useless when a browser rejects them as not from a reputable issuer, and they're useless when they can't be confirmed because the issuer runs the operation as a sideline and didn't pay to have his certificate confirmation site's 1/8-of-a-server renewed.

Stick with a U.S. company.  Then shop for price if you wish.
1
 
LVL 51

Expert Comment

by:Joe Winograd, EE MVE
ID: 41874723
"Cheap" means different things to different folks. That said, I'm very pleased with DigiCert's pricing:
https://www.digicert.com

I don't have their SSL certs, but I do have their code-signing certs (both SHA1 and SHA256) and they have worked flawlessly — and DigiCert technical support was excellent in helping me to transition from Symantec's VeriSign code-signing certs to DigiCert's. After several years of using Symantec/VeriSign, I switched to DigiCert recently because they are much more reasonably priced, but still a highly reputable provider (an important issue, as mentioned by Dr. Klahn). Here's an EE thread that I participated in about the subject:
https://www.experts-exchange.com//questions/28951575/Recommend-a-Code-Signing-Cert-Provider-for-VBA.html

I don't know about the quality or pricing of their SSL certs, but based on my experience with their code-signing certs, I wouldn't hesitate to give them a try. Regards, Joe
1
