Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Cheap SSL Certificates

Posted on 2016-11-04
3
Medium Priority
?
188 Views
Last Modified: 2016-11-04
I'm running a vulnerability scanner on my network and am realizing just how many things are running self signed certs.  Things such as internally face web apps, laser printers, switches, etc.  I really don't see a large security risk here as they are internally facing but would like to clear these vulnerabilities off my report so when I take it to the execs they don't see them.  Does anyone have a lead on cheap certificates?  I don't want to pay a lot since I really don't want to apply them in the first place.
0
Comment
Question by:bsjj2727
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 64

Expert Comment

by:btan
ID: 41874352
You can check out CACert
You must be able to confirm that you are the owner (or authorized administrator) of the domain by responding to a 'ping' email sent to either the email address

Certificates expires in 6 months for unassured accounts; 24 months for assured accounts.
http://www.cacert.org/
http://wiki.cacert.org/FAQ/ServerCerts?action=show&redirect=ServerCerts

Or Let's Encrypt
Does Let’s Encrypt issue certificates for anything other than SSL/TLS for websites?

Let’s Encrypt certificates are standard Domain Validation certificates, so you can use them for any server that uses a domain name, like web servers, mail servers, FTP servers, and many more.

Email encryption and code signing require a different type of certificate that Let’s Encrypt does not issue.

What is the lifetime for Let’s Encrypt certificates? For how long are they valid?

Our certificates are valid for 90 days. There is no way to adjust this, there are no exceptions. We recommend automatically renewing your certificates every 60 days.
https://letsencrypt.org/getting-started/
https://letsencrypt.org/docs/faq/
1
 
LVL 29

Accepted Solution

by:
Dr. Klahn earned 2000 total points
ID: 41874357
Certificates in general are worth what you pay for them.

There are companies outside the U.S. that issue SSL certificates at less than half the price of a reputable U.S. company.  Those certificates are worthless if the issuer is selling your key out the back door to the Russians or any hacker that comes along, without fear of reprisal from the local law enforcement authorities.

They're also useless when a browser rejects them as not from a reputable issuery, and they're useless when they can't be confirmed because the issuer runs the operation as a sideline and didn't pay to have his certificate confirmation site's 1/8-of-a-server renewed.

Stick with a U.S. company.  Then shop for price if you wish.
1
 
LVL 55

Expert Comment

by:Joe Winograd, EE MVE 2015&2016
ID: 41874723
"Cheap" means different things to different folks. That said, I'm very pleased with DigiCert's pricing:
https://www.digicert.com

I don't have their SSL certs, but I do have their code-signing certs (both SHA1 and SHA256) and they have worked flawlessly — and DigiCert technical support was excellent in helping me to transition from Symantec's VeriSign code-signing certs to DigiCert's. After several years of using Symantec/VeriSign, I switched to DigiCert recently because they are much more reasonably priced, but still a highly reputable provider (an important issue, as mentioned by Dr. Klahn). Here's an EE thread that I participated in about the subject:
https://www.experts-exchange.com//questions/28951575/Recommend-a-Code-Signing-Cert-Provider-for-VBA.html

I don't know about the quality or pricing of their SSL certs, but based on my experience with their code-signing certs, I wouldn't hesitate to give them a try. Regards, Joe
1

Featured Post

Introducing the WatchGuard 420 Access Point

WatchGuard's newest access point includes an 802.11ac Wave 2 chipset, providing the fastest speeds for VoIP, video and music streaming, and large data file transfers. Additionally, enjoy the benefits of strong security as the 3rd radio delivers dedicated WIPS protection!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you're a modern-day technology professional, you may be wondering if certifications are really necessary. They are. Here's why.
A bad practice commonly found during an account life cycle is to set its password to an initial, insecure password. The Password Reset Tool was developed to make the password reset process easier and more secure.
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question