

SHA-2 Certificates Now Available from SSLMate - m-app
https://sslmate.com/blog/post/sha2_certs

======
AlyssaRowan
Now? They've been recommended for _years_. Do we have to actually forcibly
sunset things with dire warnings to drive upgrades? (Semi-rhetorical. Not very
much of this is your fault. <g>)

Wake me when you have ECDSA-secp256r1-SHA256, ECDSA-secp384r1-SHA384, or (when
specified) whatever replaces/updates them.

~~~
agwa
Yeah, you're right.

Part of the problem is that certificates are valid for too long and it's too
damn hard for website operators to upgrade their certs when something better
comes along. That's what SSLMate is hoping to fix.

------
m-app
Just amazing how easy (and free!) the upgrade was. Thanks, SSLMate!

~~~
thesumofall
Yes, can only second that. Absolutely painless. Generally, I'm very pleased
with how easy SSLmate makes it to get HTTPS up and running for your domains.

------
sbierwagen
Hey agwa. Any forward progress on supporting EV certs?

~~~
agwa
Now that the SHA-2 transition is finished, EV certs are next. (Because of the
transition, there was some uncertainty about where we'd be sourcing our certs
moving forward, which blocked progress on EV certs.)

~~~
avtar
I went through your FAQ but could not determine if the wildcard certs have any
restrictions. Can one cert be used on several haproxy (or whatever) instances
or are additional licences required? And do open source projects get any
discounts?

~~~
agwa
You can install a cert (wildcard or non-wildcard) on any number of servers,
haproxy instances, etc.

There aren't any discounts for open source projects at the moment, but it's
something I'll consider. GlobalSign does give away free certs to open source
projects ([https://www.globalsign.com/ssl/ssl-open-
source/](https://www.globalsign.com/ssl/ssl-open-source/)), though you
wouldn't be able to use any of SSLMate's tools or automation with one of their
certs.

