Solved

Cheap SSL Certificates

Posted on 2016-11-04
3
138 Views
Last Modified: 2016-11-04
I'm running a vulnerability scanner on my network and am realizing just how many things are running self signed certs.  Things such as internally face web apps, laser printers, switches, etc.  I really don't see a large security risk here as they are internally facing but would like to clear these vulnerabilities off my report so when I take it to the execs they don't see them.  Does anyone have a lead on cheap certificates?  I don't want to pay a lot since I really don't want to apply them in the first place.
0
Comment
Question by:bsjj2727
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 63

Expert Comment

by:btan
ID: 41874352
You can check out CACert
You must be able to confirm that you are the owner (or authorized administrator) of the domain by responding to a 'ping' email sent to either the email address

Certificates expires in 6 months for unassured accounts; 24 months for assured accounts.
http://www.cacert.org/
http://wiki.cacert.org/FAQ/ServerCerts?action=show&redirect=ServerCerts

Or Let's Encrypt
Does Let’s Encrypt issue certificates for anything other than SSL/TLS for websites?

Let’s Encrypt certificates are standard Domain Validation certificates, so you can use them for any server that uses a domain name, like web servers, mail servers, FTP servers, and many more.

Email encryption and code signing require a different type of certificate that Let’s Encrypt does not issue.

What is the lifetime for Let’s Encrypt certificates? For how long are they valid?

Our certificates are valid for 90 days. There is no way to adjust this, there are no exceptions. We recommend automatically renewing your certificates every 60 days.
https://letsencrypt.org/getting-started/
https://letsencrypt.org/docs/faq/
1
 
LVL 27

Accepted Solution

by:
Dr. Klahn earned 500 total points
ID: 41874357
Certificates in general are worth what you pay for them.

There are companies outside the U.S. that issue SSL certificates at less than half the price of a reputable U.S. company.  Those certificates are worthless if the issuer is selling your key out the back door to the Russians or any hacker that comes along, without fear of reprisal from the local law enforcement authorities.

They're also useless when a browser rejects them as not from a reputable issuery, and they're useless when they can't be confirmed because the issuer runs the operation as a sideline and didn't pay to have his certificate confirmation site's 1/8-of-a-server renewed.

Stick with a U.S. company.  Then shop for price if you wish.
1
 
LVL 53

Expert Comment

by:Joe Winograd, EE MVE
ID: 41874723
"Cheap" means different things to different folks. That said, I'm very pleased with DigiCert's pricing:
https://www.digicert.com

I don't have their SSL certs, but I do have their code-signing certs (both SHA1 and SHA256) and they have worked flawlessly — and DigiCert technical support was excellent in helping me to transition from Symantec's VeriSign code-signing certs to DigiCert's. After several years of using Symantec/VeriSign, I switched to DigiCert recently because they are much more reasonably priced, but still a highly reputable provider (an important issue, as mentioned by Dr. Klahn). Here's an EE thread that I participated in about the subject:
https://www.experts-exchange.com//questions/28951575/Recommend-a-Code-Signing-Cert-Provider-for-VBA.html

I don't know about the quality or pricing of their SSL certs, but based on my experience with their code-signing certs, I wouldn't hesitate to give them a try. Regards, Joe
1

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

This article demonstrates probably the easiest way to configure domain-wide tier isolation within Active Directory. If you do not know tier isolation read https://technet.microsoft.com/en-us/windows-server-docs/security/securing-privileged-access/s…
Did you know that more than 4 billion data records have been recorded as lost or stolen since 2013? It was a staggering number brought to our attention during last week’s ManageEngine webinar, where attendees received a comprehensive look at the ma…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question