Hacker News new | past | comments | ask | show | jobs | submit login

Check historio.us, the ssl cert there is a free one (which is, sadly, why subdomains don't validate).

AFAIK this is common to all certs (free or otherwise). You need a separate one for each subdomain (including www).

No, there are also wildcard certificates that match all subdomains, but are rather more expensive.

Wildcard certificates are available for USD $49.90 from StartSSL (http://www.startssl.com/?app=40), which is rather more expensive than free, but shouldn’t be a hardship.

The only downside to wildcard certs through StartSSL is that getting one requires high-resolution proof of personal identity, to be kept on file outside local jurisdiction (the company's based in Israel) until the cert's final renewal or revocation, plus seven years.

I admire their model of only charging for operations which require human intervention, like identity validation, but handing over that degree of documentation for that amount of time requires a lot of trust, not just of the company as it currently exists, but as it will exist in the far future.

If there was a way to validate organizations which wasn't layered on top of an earlier validation of an individual, or if their decentralized web-of-trust was usable for class 2/wildcard certs, I'd be a big fan.

As it is, there's no reason not to use Start for class 1, single-domain certs, for which the validation is automated and reasonable.

Wildcard certs don't match the underlying domain, though. See, for example, dropbox.com instead of www.dropbox.com; they've got a wildcard cert and it's not valid for dropbox.com.

Didn't know that, thanks.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact