I use StartCom, and I revoked and re-keyed yesterday. In the revocation reason, I linked to the CVE. They waived the fee, citing "exceptional circumstances." It could be that they're waiving fees only for paying users. My certs with them are all class 2 wildcards; definitely not free. Or it could just be inconsistency during a very hectic time for them.

I've used several CAs and StartCom is the one I dislike the least. I wish Amazon would become a registrar and CA. Then AWS would really be one-stop shopping.

I have free Class 1 certs, and had to pay for all revocations. They did ask me first and pointed out that upgrading to Class 2 would be cheaper, and suggested that reissuing at Class 2 would be sufficient. However, they admitted it would create more latency. I bit the bullet and went ahead with the revocations.

My wallet is unhappy, and I do feel like charging for revocations is a bit odd, since revocations usually happen for security reasons and this disincentivizes good security. OTOH, they do run a business and I've created work for them at no charge previously, so I'm not mad.

It's not unreasonable to charge a little bit for a revocation. They require more work than a cert itself (updating and hosting the revokes list etc.) and a fee prevents unnecessary revocations from taking place.

Yeah, I'm not really mad. Every time I have interacted with StartCom personnel they've been fast, courteous and competent, and their style is enjoyably direct and goal-focused (plain email, no boilerplate, no patronizing). I like the idea of competent people getting paid well, so that soothes my hurting wallet a bit.

How does the Class 2 pricing actually work? You need to pay $59 for your personal identity, and then $59 per domain, and then you can get unlimited Class 2 certs for that domain?

AIUI, it's $60 for an identity validation, which is valid for 350 years. Within those 350 days you can create unlimited certificates at no additional charge, which are valid for 2-3 years (depending on type). That means you basically need to pay $60 for a revalidation every 2-3 years so you can reissue certificates to replace expiring ones.

Furthermore, you aren't bound to any domain. So StartCom gives unlimited SSL/SMIME/Code signing certificates for almost a year after paying $60. Non-wildcard certificates are free (although your name isn't on the cert). I find it's the most reasonably priced CA of them all.

I just redid my personal ID after a year, but paperwork stalled refreshing my company ID. Now Heartbleed has struck, and I'm in the position of not having a current validation for the company (currently waiting on their return call). If I revoke, I can't reissue...

