back to article GeoTrust founders offer free SSL

Four former GeoTrust executives have returned to the SSL market after a five-year absence with the formation of a new company, AffirmTrust, which will compete with their alma mater. Expected to launch in July, AffirmTrust plans to kick off its marketing by giving away three-year basic validation certificates for free. Extended …

COMMENTS

This topic is closed for new posts.
  1. Darcy

    Market $450 against $50?

    After being voluntarily eaten by the borg these guys are back to do it again? What a come back plan - market a $450 cert against a $50 cert! How intelligent of them! Maybe they will sell 10 of them and then be aquired by Sony.

    1. Aaron Em

      Not to mention

      that even a free basic validation cert doesn't do you a hell of a lot of good until the common browsers know about the issuing CA -- until that happens, people will be getting certificate-validation warnings whenever they go to your site, which has pretty much the opposite of the confidence-building effect provided by a proper cert from a CA anyone knows or cares about.

      Also GoDaddy EV certs are currently $37.50 a year, which, if my figures are right, works out by comparison to roughly "you'd have to be stupid to buy an EV cert from these GeoTrust morons".

    2. SImon Hobson Bronze badge

      Need to read more carefully ...

      OK, it's easy to get mixed up as the article isn't all that clear without careful reading, but this outfit is pitching "free" against $50 from Go Daddy. $450 is for their enhanced certificates, which the article doesn't give a comparable price for from Go Daddy.

  2. Lee Dowling Silver badge

    Bought a GoDaddy cert recently

    Cost me £50 for 5 years - only basic validation obviously, but it's hardly bank-breaking stuff nowadays. Hell, I pay more than that to the company hosting my domain name, and my hosting is another bill of a lot more still.

    If you have a need for SSL for securing transactions, the prices for basic certs are a drop in the ocean compared to everything else (e.g. PCIDSS standards, hosting, commission, etc.). If you have a need for SSL just for the encryption, then you can get stupidly cheap certs that fit the bill.

    And when it comes to security, I'm not sure "Our website uses a free SSL certificate!" is particularly confidence-inspiring in either the website or the certificate issuer.

    1. jonathanb Silver badge

      Does anyone care

      Provided they have the padlock on the screen and no error messages, does anyone actually look at the SSL certificate? I know I generally don't. Certainly if it is for my own internal exchange server which I know is legit anyway, I'm just looking for something to save me the hassle of installing self-signed certificates in every browser I use.

      1. Danny 14
        Thumb Up

        indeed

        we use a dirt cheap SSL cert too - its for OWA and our alfresco portal. Only staff use it anyway so as long as it avoids browser CA rejections we are good to go.

  3. Anonymous Coward
    Anonymous Coward

    $50?

    $8.95/year at namecheap for a Comodo PositiveSSL certificate and they work fine. $139 for a green bar.

  4. Anonymous Coward
    Anonymous Coward

    Try reading the article

    They are marketing a $0 cert against a $50 cert. Although they are marketing the $450 against a $100 cert so that is not going to do so well.

  5. b166er

    Already a trusted CA

    StartSSL, free certs, win

    1. Chris_Maresca
      FAIL

      But - Offline?

      There website is offline for the next four days....

      Not something I'd expect from a company running critical infrastructure... What if you need to revoke a cert?

      1. Danny 14
        Thumb Up

        indeed

        plus is their CA in modern browsers?

        IPSCA offer free *wildcard* SSL to education too.

  6. Anonymous Coward
    FAIL

    Of course,,,

    None of this will do anything to address the fact that the whole SSL certicate chain and "trusted issuer" system is fundamentally broken; the Reg ran an article on exactly this point a month or two ago.

  7. TJ1
    FAIL

    StartSSL offline for several days!

    Not a great inspirer of confidence in a 'free' provider:

    "We apologize for the temporary inconvenience. The service will be offline until Monday, the 20th June 2011. Thank you for your understanding."

    http://www.startssl.com/

  8. Richard Lloyd
    Thumb Down

    Never liked GoDaddy myself

    GoDaddy may be cheap for SSL certs but the last time I used them they had the sharp practice of defaulting to auto-renewing the SSL and taking the money off me with no warning.

    After that debacle, I use Servertastic now - the cheapest UK reseller of RapidSSL certs - buying in batches of 10 or more works out at about 6.50+VAT each. Nice to be billed by a UK company in UK pounds for your SSL certs too!

    BTW, b166er, StartSSL.com is "offline until 20th June" - doesn't inspire much confidence in them!

  9. TJ1
    Thumb Up

    Already accepted by Mozilla, Chrome, Opera, Microsoft, Apple

    Mozilla: https://bugzilla.mozilla.org/show_bug.cgi?id=633546

    Chome: http://code.google.com/p/chromium/issues/detail?id=48608

    Opera: http://my.opera.com/rootstore/blog/2010/07/28/new-roots-new-ev-and-a-new-public-suffix-file

    Microsoft: http://social.technet.microsoft.com/wiki/contents/articles/may-2010-root-update-new-cas-and-new-root-certificates.aspx

    Apple (iOS 4.1+, OSX 10.6.4+): http://support.apple.com/kb/HT4415

  10. TJ1
    Thumb Up

    Already accepted by Mozilla, Chrome, Opera, Microsoft, Apple

    (spullin mistax figxed)

    Mozilla: https://bugzilla.mozilla.org/show_bug.cgi?id=633546

    Chrome: http://code.google.com/p/chromium/issues/detail?id=48608

    Opera: http://my.opera.com/rootstore/blog/2010/07/28/new-roots-new-ev-and-a-new-public-suffix-file

    Microsoft: http://social.technet.microsoft.com/wiki/contents/articles/may-2010-root-update-new-cas-and-new-root-certificates.aspx

    Apple (iOS 4.1+, OSX 10.6.4+): http://support.apple.com/kb/HT4415

  11. Anonymous Coward
    Devil

    Hidden agenda?

    >"AffirmTrust plans to kick off its marketing by giving away three-year basic validation certificates for free. Extended validation certs will cost $450."

    Sounds to me like they're trying to make basic (i.e., no) validation even more worthless than it already is, in order to boost the market for the supposedly-more-secure extended validation certs. Commoditize the complement and all that.

    The flaw in their plan, of couse, is that a $0 basic validation cert doesn't actually offer your end-users any more or less guarantee of security than a $450 enhanced cert.

    The non-flaw in their plan, of course, is that most big web hosts don't actually care about the security of their end-users, and most of their end-users don't know the difference.

  12. alain williams Silver badge

    Everyone is going to want SSL soon ...

    if the google sponsored SPDY extension to the HTTP protocol comes in. (This is the thing that is supposed to make a 50% improvement in downloading a web page.) SSL is integral to SPDY, ie google is trying to make everyone use SSL all the time -- the speed improvement will be a strong motivator for most people.

  13. b166er
    FAIL

    StartSSL

    Cert still works, what conclusion have you jumped to?

    1. Danny 14
      Facepalm

      yes

      but what if you need to *REVOKE* a certificate. Oh its ok, i'll wait till monday. (It is a friday afterall!)

  14. heyrick Silver badge
    Unhappy

    I just wish...

    ...it was possible to turn on encryption without certs or warnings. I'm not selling anything, I'm not asking for personal details, but in this day and age the ability to leave the realm of "all in the clear" would be welcomed. My server can SSL, so can my browser. Why is there no "make it so" option that doesn't involve scary warnings from a browser?

  15. John Robson Silver badge
    Stop

    DNSSEC, and an SSLkey record type

    See title

    Then we can forget about all of these dappy certificate issuing bodies and roll our own without warnings - the browser (or other application which wishes to communicate securely) can simply look up the required certificate via a secured sideband transmission.

    If we want to get all clever about it then why not add DNSCurve to the list as well, encrypt the DNS queries as well...

  16. OffBeatMammal

    I still miss the Web of Trust

    anyone remember the Thawte Web of Trust? For personal certs it was a great idea that scaled well and added the ability to actually sign emails (though not gen SSL certs)

    I wonder what the opportunity would be to take that idea though and deploying it for extended validation SSL certs and undercut all these guys

This topic is closed for new posts.

Other stories you might like