

Add HTTPS to NGINX for free and help make the world more secure - pieterhg
http://levels.io/add-https-to-nginx-for-free-and-help-make-the-world-more-secure/

======
ancarda
Why not sign your own certificate[1]? Is there any reason to trust StartSSL?
How do we trust any SSL company? They may well be giving private keys to the
NSA, especially if the certificate is free.

[1] To clarify I mean for personal use like securing your own servers for your
own use.

~~~
serge2k
Because then we start training users to just ignore those warnings about self
signed certs and effectively destroy SSL because man in the middle attacks are
made easy.

and I just saw your clarification. Who doesn't use self signed for that?

For that matter, you can do that within and organization and just push out
your CA cert company wide. Save some money.

------
deanclatworthy
The free SSL certs are maximum 256bit keys. As pointed out in Cloudflare's
blog post yesterday, a 2009-era PC could crack a 512bit SSL cert key in 73
days. Todays machines would make mincemeat of such weak certs.

~~~
tokenizerrr
I'm confused. I thought StartSSL only supported 256 bit certs, and their
website does mentioned that, but the linked article mentions generating a 2048
bit key which gets signed by StartSSL.

------
andridk
I did this yesterday for my Raspberry Pi. Sad to say, that Firefox users will
get a warning on the StartSSL certificate.

Works fine on IE and Chrome though.

------
vandevej
great thanks :)

