Solved

Cheap SSL Certificates

Posted on 2016-11-04
Last Modified: 2016-11-04
I'm running a vulnerability scanner on my network and am realizing just how many things are running self-signed certs.  Things such as internally facing web apps, laser printers, switches, etc.  I really don't see a large security risk here as they are internally facing but would like to clear these vulnerabilities off my report so when I take it to the execs they don't see them.  Does anyone have a lead on cheap certificates?  I don't want to pay a lot since I really don't want to apply them in the first place.
0
Question by:bsjj2727
3 Comments
 
LVL 62

Expert Comment

by:btan
ID: 41874352
You can check out CACert
You must be able to confirm that you are the owner (or authorized administrator) of the domain by responding to a 'ping' email sent to either the email address

Certificates expire in 6 months for unassured accounts; 24 months for assured accounts.
http://www.cacert.org/
http://wiki.cacert.org/FAQ/ServerCerts?action=show&redirect=ServerCerts

Or Let's Encrypt
Does Let’s Encrypt issue certificates for anything other than SSL/TLS for websites?

Let’s Encrypt certificates are standard Domain Validation certificates, so you can use them for any server that uses a domain name, like web servers, mail servers, FTP servers, and many more.

Email encryption and code signing require a different type of certificate that Let’s Encrypt does not issue.

What is the lifetime for Let’s Encrypt certificates? For how long are they valid?

Our certificates are valid for 90 days. There is no way to adjust this, there are no exceptions. We recommend automatically renewing your certificates every 60 days.
https://letsencrypt.org/getting-started/
https://letsencrypt.org/docs/faq/
1
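
The following is an added example, not part of the thread or any poster's code: it triages certificate files the way a scanner finding would be reviewed, reporting whether each one is self-signed and whether it is inside the 30-day window left by the 90-day lifetime and 60-day renewal advice quoted above. The function names, host names and sample certificates are constructed for illustration, and the `openssl` command-line tool is assumed to be installed.

```shell
#!/usr/bin/env bash
# Added example (not from the thread). Function names, host names and the
# sample certificates are constructed; requires the openssl command-line tool.

# Heuristic: issuer DN equal to subject DN means the certificate is
# self-issued, which is what scanners report as "self-signed".
is_self_signed() {
    local subj iss
    subj=$(openssl x509 -in "$1" -noout -subject -nameopt RFC2253) || return 2
    iss=$(openssl x509 -in "$1" -noout -issuer -nameopt RFC2253) || return 2
    [ "${subj#subject=}" = "${iss#issuer=}" ]
}

# Exit 0 when the certificate expires within DAYS (default 30: the point at
# which a 90-day certificate renewed every 60 days is due).
renewal_due() {
    ! openssl x509 -in "$1" -noout -checkend $(( ${2:-30} * 86400 )) >/dev/null
}

# One report line per certificate file.
triage() {
    local f ss rn
    for f in "$@"; do
        ss=no; rn=no
        if is_self_signed "$f"; then ss=yes; fi
        if renewal_due "$f" 30; then rn=yes; fi
        printf '%s self_signed=%s renew_within_30d=%s\n' "${f##*/}" "$ss" "$rn"
    done
}

# Constructed sample input: a self-signed device certificate with 10 days
# left, and a 90-day certificate issued by a throwaway test CA.
make_samples() {   # $1 = scratch directory
    local d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 10 -subj "/CN=printer.internal.example" \
        -keyout "$d/printer.key" -out "$d/printer.pem" 2>/dev/null
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 -subj "/CN=Example Test CA" \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -subj "/CN=app.internal.example" \
        -keyout "$d/app.key" -out "$d/app.csr" 2>/dev/null
    openssl x509 -req -in "$d/app.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 90 -out "$d/app.pem" 2>/dev/null
}

demo() {
    local d; d=$(mktemp -d) || return 1
    make_samples "$d" && triage "$d/printer.pem" "$d/app.pem"
    local rc=$?
    rm -rf "$d"
    return $rc
}
demo
```
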
 
LVL 25

Accepted Solution

by:
Dr. Klahn earned 500 total points
ID: 41874357
Certificates in general are worth what you pay for them.

There are companies outside the U.S. that issue SSL certificates at less than half the price of a reputable U.S. company.  Those certificates are worthless if the issuer is selling your key out the back door to the Russians or any hacker that comes along, without fear of reprisal from the local law enforcement authorities.

They're also useless when a browser rejects them as not from a reputable issuer, and they're useless when they can't be confirmed because the issuer runs the operation as a sideline and didn't pay to have his certificate confirmation site's 1/8-of-a-server renewed.

Stick with a U.S. company.  Then shop for price if you wish.
1
 
LVL 52

Expert Comment

by:Joe Winograd, EE MVE
ID: 41874723
"Cheap" means different things to different folks. That said, I'm very pleased with DigiCert's pricing:
https://www.digicert.com

I don't have their SSL certs, but I do have their code-signing certs (both SHA1 and SHA256) and they have worked flawlessly — and DigiCert technical support was excellent in helping me to transition from Symantec's VeriSign code-signing certs to DigiCert's. After several years of using Symantec/VeriSign, I switched to DigiCert recently because they are much more reasonably priced, but still a highly reputable provider (an important issue, as mentioned by Dr. Klahn). Here's an EE thread that I participated in about the subject:
https://www.experts-exchange.com//questions/28951575/Recommend-a-Code-Signing-Cert-Provider-for-VBA.html

I don't know about the quality or pricing of their SSL certs, but based on my experience with their code-signing certs, I wouldn't hesitate to give them a try. Regards, Joe
1

Question has a verified solution.
