

SSL Certificate summer sale has just started - GetSSL_me
https://getssl.me/en?utm_campaign=summer-sale

======
evadne
Design is good.

However, your on-sale price for Comodo PositiveSSL Wildcard is $ 6.95 more
expensive than Comodo’s own offering [1] [2].

[1] [https://comodosslstore.com/positivessl-
wildcard.aspx](https://comodosslstore.com/positivessl-wildcard.aspx)

[2] [http://cl.ly/image/210I2n2R000Y](http://cl.ly/image/210I2n2R000Y)

~~~
GetSSL_me
Thanks for the comment. Yes, you are absolutely right. Wildcard SSL is
currently cheaper from Comodo because they have a promotion themselves.

However, Business validated certificate is still significantly cheaper from
us: $65.95 vs $99.95 [1]. Standard certificate is few dollars cheaper too.

[1] [http://i.imgur.com/FoVTH80.png](http://i.imgur.com/FoVTH80.png)

------
true_religion
Even with their sales, its still more expensive than NameCheap[1]'s $85 or $91
domain validated wildcard certs.

[http://www.namecheap.com/ssl-
certificates/comodo.aspx](http://www.namecheap.com/ssl-
certificates/comodo.aspx)

------
nekgrim
I'm a SSL certificates newbie. What's the added value of using a SSL reseller,
instead of buying directly from Comodo?

~~~
GetSSL_me
Price and support. We want our customers to be satisfied.

------
tallanvor
To be honest, I expect someone trying to sell me a SSL certificate to be using
an EV certificate on their own site.

~~~
somesay
To be honest, I don't get your comment. Neither does GetSSL use a EV cert nor
is the usage of EV certs limited to resellers.

------
ck2
[http://www.startssl.com/?app=40](http://www.startssl.com/?app=40)

~~~
phaet0n
Despite all the hubbub about spying by the NSA and Huawei, an Israeli company
would be the absolute last* one that I would trust with my company's security.

Alas, SSL, along with the DNS system, is just a massive internet racket.

(*) Of course I exaggerate, but only slightly.

~~~
somesay
Just another guy who talks about SSL without knowing the basics. I don't know
what annoys me more: Someone how completely ignores cryptology and its
security features or these guys who have such a dangerously low knowledge that
they spread bullshit the whole day.

In fact, you don't have to trust StartSSL at all. They securely give you a
valid cert while you don't have to reveal your private key at any time. Your
private key is either generated manually on your sever by yourself or within
the browser, on client side.

The important points are: StartSSL is trusted by all modern browsers and
systems and they are cheap. There is nothing more to care about. In fact,
_any_ trusted CA could be attacked and generate certs for man-in-the-middle
attacks.

So, stop your stupid prejudice here. Actually, a CA from the Netherlands got
known for being corrupted some years ago.

~~~
phaet0n
You are absolutely right that I didn't have to reveal my "prejudice" here.

For that I apologize.

However, you are mistaken that I don't have to trust StartSSL, or any CA at
all. In requesting a certificate, I am siginalling that I require a method by
which an unknown party can reasonably verify that they are indeed dealing with
me. If I am already well known, and a target of attack, it doesn't matter
which CA I deal with, every one is potential source of vulnerability. However,
if I am not broadly known, and seeking out deals on certificates, and not
investing in an EV certificate (why just get a padlock, get the snazzy green
bar!), what exactly is the purpose of me investing in a certificate? Well,
you're paying for your customers to have faith that whatever faith they have
in you is not misplaced, or more precisely no bad guys will get their credit
card number which they are sending to you, along with their personal details.

This whole idea behind SSL, https, and ultimately DNS is a broken. And yes, my
response was naive enough to be read naively. For that I'm sorry. But this
particular post is probably not the place to discuss these shortcomings...

~~~
somesay
As you said, the hierarchical system is somehow broken. You are just paying to
get a cert that is trusted by the browser and therefore looks fine for the
user. Also you get some insurance thing and maybe a nice button to place in
your web shop. That's all. The main point is using some encryption without
throwing a warning message and gain some level of security.

Also, the "potential source of vulnerability" has nothing to do with how big
you are.

SSL is as save as the CA list used by the browser is. It really doesn't matter
which CA you actually choose then.

~~~
phaet0n
> SSL is as save as the CA list used by the browser is. It really doesn't
> matter which CA you actually choose then.

Which is why a _comprehensive_ history of when, how, and why CA root certs
were added to various browsers, and the politicking behind it, would be quite
illuminating.

Recall it was only around 2000 when the US relaxed export restrictions
somewhat on cryptographic software. [1] So given that sensitive fact, the
policy, and architecture of systems such as browser security should be
questioned, especially because a select few are making essentially free money
selling green address bars.

[1]
[http://en.wikipedia.org/wiki/Key_size#Symmetric_algorithm_ke...](http://en.wikipedia.org/wiki/Key_size#Symmetric_algorithm_key_lengths)

------
thaumaturgy
Website copy (the text) needs a bit of polish. I clicked around a bit to find
out a bit more about you, and went "eek".

Otherwise, I really like the layout of the site. It's simple and easy.

