Solved

Cheap SSL Certificates

Posted on 2016-11-04
Last Modified: 2016-11-04
I'm running a vulnerability scanner on my network and am realizing just how many things are running self-signed certs.  Things such as internally facing web apps, laser printers, switches, etc.  I really don't see a large security risk here as they are internally facing but would like to clear these vulnerabilities off my report so when I take it to the execs they don't see them.  Does anyone have a lead on cheap certificates?  I don't want to pay a lot since I really don't want to apply them in the first place.
Question by:bsjj2727
3 Comments
 
LVL 64

Expert Comment

by:btan
ID: 41874352
You can check out CAcert.
You must be able to confirm that you are the owner (or authorized administrator) of the domain by responding to a 'ping' email sent to either the email address

Certificates expire in 6 months for unassured accounts; 24 months for assured accounts.
http://www.cacert.org/
http://wiki.cacert.org/FAQ/ServerCerts?action=show&redirect=ServerCerts

Or Let's Encrypt
Does Let’s Encrypt issue certificates for anything other than SSL/TLS for websites?

Let’s Encrypt certificates are standard Domain Validation certificates, so you can use them for any server that uses a domain name, like web servers, mail servers, FTP servers, and many more.

Email encryption and code signing require a different type of certificate that Let’s Encrypt does not issue.

What is the lifetime for Let’s Encrypt certificates? For how long are they valid?

Our certificates are valid for 90 days. There is no way to adjust this, there are no exceptions. We recommend automatically renewing your certificates every 60 days.
https://letsencrypt.org/getting-started/
https://letsencrypt.org/docs/faq/
 
LVL 28

Accepted Solution

by:
Dr. Klahn earned 500 total points
ID: 41874357
Certificates in general are worth what you pay for them.

There are companies outside the U.S. that issue SSL certificates at less than half the price of a reputable U.S. company.  Those certificates are worthless if the issuer is selling your key out the back door to the Russians or any hacker that comes along, without fear of reprisal from the local law enforcement authorities.

They're also useless when a browser rejects them as not from a reputable issuer, and they're useless when they can't be confirmed because the issuer runs the operation as a sideline and didn't pay to have his certificate confirmation site's 1/8-of-a-server renewed.

Stick with a U.S. company.  Then shop for price if you wish.
 
LVL 54

Expert Comment

by:Joe Winograd, EE MVE 2015&2016
ID: 41874723
"Cheap" means different things to different folks. That said, I'm very pleased with DigiCert's pricing:
https://www.digicert.com

I don't have their SSL certs, but I do have their code-signing certs (both SHA1 and SHA256) and they have worked flawlessly — and DigiCert technical support was excellent in helping me to transition from Symantec's VeriSign code-signing certs to DigiCert's. After several years of using Symantec/VeriSign, I switched to DigiCert recently because they are much more reasonably priced, but still a highly reputable provider (an important issue, as mentioned by Dr. Klahn). Here's an EE thread that I participated in about the subject:
https://www.experts-exchange.com//questions/28951575/Recommend-a-Code-Signing-Cert-Provider-for-VBA.html

I don't know about the quality or pricing of their SSL certs, but based on my experience with their code-signing certs, I wouldn't hesitate to give them a try. Regards, Joe
Question has a verified solution.
