• Nick Sabalausky (10/10) Apr 01 2014 Sorry for asking this here, but I'm in a bit of a bind: Anyone know of a...
• Martin Nowak (4/12) Apr 04 2014 I'm always generating the key myself and only send them the CSR.
• Nick Sabalausky (37/68) Apr 05 2014 Digging around, I found http://www.cacert.org/ which I think I remember

Nick Sabalausky <SeeWebsiteToContactMe semitwist.com> writes:

Sorry for asking this here, but I'm in a bit of a bind: Anyone know of a 
decent alternative to StartSSL?

They'd been good right up until a few hours ago when they decided to 
screw me over by issuing me a key and cert that didn't match, started 
blaming me for it, all while offering me a nice bait-and-switch of 
$24.90 to revoke the unusable cert they gave me just so I can try my 
luck with their (apparently) unreliable system again. Forget that scam. 
(And I'm handling another domain they're also giving me trouble with, too.)

Any suggestions? Everything else I've ever seen is pretty much priced 
for corporate accounts.

Martin Nowak <code dawg.eu> writes:

On 04/02/2014 08:34 AM, Nick Sabalausky wrote:
 Sorry for asking this here, but I'm in a bit of a bind: Anyone know of a
 decent alternative to StartSSL?

No free alternative that I know of.
 They'd been good right up until a few hours ago when they decided to
 screw me over by issuing me a key and cert that didn't match, started
 blaming me for it, all while offering me a nice bait-and-switch of
 $24.90 to revoke the unusable cert they gave me just so I can try my
 luck with their (apparently) unreliable system again. Forget that scam.
 (And I'm handling another domain they're also giving me trouble with, too.)

I'm always generating the key myself and only send them the CSR.
So far I never had any troubles with StartSSL.

Nick Sabalausky <SeeWebsiteToContactMe semitwist.com> writes:

On 4/5/2014 1:54 AM, Martin Nowak wrote:
 On 04/02/2014 08:34 AM, Nick Sabalausky wrote:
 Sorry for asking this here, but I'm in a bit of a bind: Anyone know of a
 decent alternative to StartSSL?

 No free alternative that I know of.

Digging around, I found http://www.cacert.org/ which I think I remember 
being mentioned around here before. But unfortunately it appears they're 
still working on becoming a trusted root authority, so for now it's not 
much better than self-signed or expired for the average-Joe site 
visitor's user experience. I'm definitely going to keep an eye on them 
though, rooting from the sidelines.

I did finally manage to find a $9/yr "Comodo, resold through 
NameCheap"[1], both of which appear to be reputable companies (actually, 
I'd already switched my domain registrar to NameCheap about a year or 
two ago, after 100megs went downhill and got assimilated. First I've 
heard of Comodo though, but they seem to be a big name).

So I got that for my base domain, and although they don't appear to 
advertize it, they automatically included "www." like StartSSL does, 
which is nice (although decreasingly important these days).

[1] 
https://www.namecheap.com/security/ssl-certificates/domain-validation.aspx

 They'd been good right up until a few hours ago when they decided to
 screw me over by issuing me a key and cert that didn't match, started
 blaming me for it, all while offering me a nice bait-and-switch of
 $24.90 to revoke the unusable cert they gave me just so I can try my
 luck with their (apparently) unreliable system again. Forget that scam.
 (And I'm handling another domain they're also giving me trouble with,
 too.)

 I'm always generating the key myself and only send them the CSR.
 So far I never had any troubles with StartSSL.

Hmm, yea, maybe that would've decreased the likelihood of getting a 
mismatched cert. They did tell me I generated 3 keys before getting the 
cert. I *know* that *I* only generated 1, but maybe their system went 
haywire, generated 3, gave me one but generated a cert for one of the 
others.

I'd never previously had a problem with them, either, and I'd been with 
them for a few years. But even aside from this technical problem, I'm 
loosing some trust in them too. While attempting to sort it all out, I 
had this email exchange with their *CTO*:

On 04/02/2014 10:52 AM, Nick Sabalausky wrote:
 On 4/2/2014 2:55 AM, StartCom CertMaster (Eddy Nigg) wrote:
 On 04/02/2014 08:08 AM, Nick Sabalausky wrote:
 No, I only make *ONE* new key before completing the wizard (anything
 else would have been AFTER I completed the wizard for semitwist.com
 and received the cert). I have *NEVER* discarded ANY key that I
 *actually received*.

 Please send me your key and certificate file for review, I'll tell 



which
 of the files is wrong.

 Attached.

Thanks! What's the password for the key?

Ordinarily, I wouldn't have sent even the encrypted key file, but by 
this point I was already figuring on jumping ship and I was curious 
whether he'd ask for the password.

Of course, for all I know, he may have just been using that info to 
cross-check their logs to (somehow) help them determine what went wrong 
and planned on any new re-issued cert using a new fresh key. I dunno, 
maybe I'll bite just to see what happens.

I also came across this [potential FUD], although I have no idea how 
trustworthy it may or may not be:
http://danconnor.com/post/50f65364a0fd5fd1f7000001/avoid_startcom_startssl_like_the_plague_