Link to home
Start Free TrialLog in
Avatar of CHI-LTD
CHI-LTDFlag for United Kingdom of Great Britain and Northern Ireland

asked on

Which SSL cert and supplier?

Hi
We are changing from a self signed cert to a 3rd part one.
The firewall is managed by a 3rd party co.  I have the CSR for the new cert but unsure which co to use?

https://uk.godaddy.com/web-security/ssl-certificate/options/add-ons?src=ac&plan=ssl_001sites_tier1_024mo
https://www.digicert.com/order/order-1.php

Ideas?
ASKER CERTIFIED SOLUTION
Avatar of Ayoub Rouzi
Ayoub Rouzi
Flag of France image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of ste5an
The cheapest solution is to use https://letsencrypt.org/. They are free of charge, if a DV certificate is sufficient for you.

btw, depending on the use-case EV or OV certificates are necessary. Cause it "transports" another level of trust. It's like a cheap vs. an expensive business card.
Avatar of noci
noci

As addendum to @ste5an  also checkout certbot implementation for your system as the LE. certificates run for 3 month at a time.
the automation of that process is desireable. THe certbot tool was created for that in tandem with the LetsEncrypt certificates.

Certainly recommended for DV certificates. (Even Wildcards should be possible).
Avatar of CHI-LTD

ASKER

So the godaddy DV  will work with Cisco?
^^ Yes just make sure when you generated the CSR you chose 2048 bit :)

P
Avatar of CHI-LTD

ASKER

thanks
i ran the decoder which shows 2048.
cool - I usually make the mistake and have to start again :)
Comodo is another great solution that comes with multiple features apart from 256-bit encryption like Highly visible site seal , free PCI scanning service, free daily website vulnerability scanning and more. You can switch to Comodo from a self - signed SSL Certificate. Catch more update about Comodo SSL Certificate here - https://comodosslstore.com/brands/comodo
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of CHI-LTD

ASKER

This is just for the ASA VPN, but know a pen test will highlight this as an issue.
hmm, I disagree with Bhavesh's post marked as answer, because Comodo and Symantec have shown severe security issues in the past. And currently Symantec is on the list of certificates which will be removed from Chrome's default root CA list this year.