1. 4
  2. 4

    Any suggestions for cheap certs for all my side projects?

    1. 3

      StartSSL gives you a free cert. Namecheap gives you a free one for a year, then I believe it’s around $10-20 per year afterwards.

      1. 2

        Are those certs good on most modern browsers? Used to be that the cheap certs didn’t work everywhere.

        I have all my domains at Namecheap. I’ll take a look and see what kind of deal they have.

        Thanks.

        1. 1

          Just to clarify, StartSSL gives you more than one free cert, not just “a free cert.”

          And I have yet to find a browser (or system CA bundle) that didn’t trust StartSSL. As such, I use them for all of my SSL needs.

        2. 2

          StartSSL technically won’t give free certs to companies, though I’ve gotten some from them before. I stopped using them when they had their DDoS against their OCSP server. They also require renewing every year, which can be a hassle if you have the cert installed in a few different places.

          I use ssls.com (formerly cheapssls.com) for everything now, since they just resell the bigger names that work everywhere. I register for at least a few years at a time since it’s cheap (like $5-$10 a year) and I won’t have to deal with renewing/reinstalling.

        3. 1

          I use AlphaSSL via my registrar (Dynadot), which makes it cheaper than getting it direct.

        4. 3

          > Apple’s policy of locking out Mozilla means you can’t have a more secure browser in your pocket.

          Classic EFF half truth, half lie. It’d be fairly trivial to make a web view browser (like Chrome) that replaced http links with https ones. You may not be able to have this secure browser, but it’s totally possible to have a secure browser.

          1. 1

            It’s my understanding that in at least some cases, HTTPS Everywhere works by making an initial request to an HTTPS site, basically asking if the site is available over HTTPS, then if so, attempting an HTTPS connection to the target site.

            Can anyone confirm whether it does this or whether it uses a set of sites/rules that are baked into the app? Otherwise this would mean pretty bad things for latency on your mobile.

            1. 2

              More or less, though I think it’s an option. I tried it on the desktop a while ago, but eventually gave up.

              Some sites have https enabled, but it’s not the same site as http. Sometimes it’s obvious, other times less so. Good luck figuring that out.

              Or the back end is different. Wikipedia in particular may have been the same site, but it was about ten times slower. No caching? Different (http) routing? I don’t know, but it sucked.

              1. 2

                The extension is basically a bunch of rule files that people have written and tested, so only sites that have working HTTPS versions will get added and automatically routed to. For Reddit for example, it routes you to https://pay.reddit.com/ rather than just https://www.reddit.com/.

                It does not do any automatic HTTPS-trying, as that would probably break on a lot of sites that use Akamai and the like.

              2. 1

                There’s one notable downside of this, which is that HTTPS is slower than HTTP. While this is pretty much inconsequential for someone browsing on broadband, it could make a difference on a flakey mobile data connection.

                1. 1

                  You know what would be a nice feature?

                  Just being able to define something like HSTS for a domain myself. Something like: always connect to my-example-bank.com over ssl, never over http. No matter what. Even if I space out and type http://my-example-bank.com in the address bar accidentally. Without having to create complicated rulesets or purge many existing rulesets I don’t want to use.
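
The two behaviours discussed in the thread, rewriting from a table of tested rules and a user-pinned list of hosts that must always use HTTPS, sketched as an added example that is not part of any post above and is not the extension's own code. The rule table layout, `FORCE_HTTPS` and the function names are assumptions; only the Reddit mapping and the my-example-bank.com host come from the thread.

```javascript
// Constructed rule table (hypothetical layout). Only the Reddit mapping is
// taken from the thread; the real extension ships its own rule files.
const RULESETS = [
  {
    name: "Reddit",
    targets: ["reddit.com", "*.reddit.com"],
    rules: [{ from: /^http:\/\/(?:www\.)?reddit\.com\//, to: "https://pay.reddit.com/" }],
  },
];

// Hosts the user pins: always upgraded, no rule file needed (hypothetical).
const FORCE_HTTPS = new Set(["my-example-bank.com"]);

// "*.example.com" matches subdomains only; anything else is an exact match.
function matchesHost(pattern, host) {
  return pattern.startsWith("*.")
    ? host.endsWith(pattern.slice(1))
    : host === pattern;
}

function rewriteUrl(input) {
  let url;
  try {
    url = new URL(input);
  } catch {
    return input; // not a parseable URL: leave it alone
  }
  if (url.protocol !== "http:") return input; // only plain HTTP is rewritten

  // Decide on the parsed hostname, never on a substring of the raw string,
  // so "http://my-example-bank.com@other.example/" is not treated as pinned.
  const host = url.hostname; // already lower-cased by the URL parser
  if (FORCE_HTTPS.has(host)) {
    url.protocol = "https:";
    return url.href;
  }
  for (const set of RULESETS) {
    if (!set.targets.some((t) => matchesHost(t, host))) continue;
    for (const { from, to } of set.rules) {
      if (from.test(url.href)) return url.href.replace(from, to);
    }
  }
  return input; // no tested rule: no speculative HTTPS attempt is made
}
```

Hosts without a rule or a pin are returned unchanged, which matches the comment that the extension does not probe for HTTPS on its own.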