Question

Photo of Brandon Gamache

0

SSL Certificates

5

What SSL CA/Provider do you guys recommend?  Spent a good portion of today just looking at the different providers and not entirely certain which way to go. I'm looking at DigiCert, GeoTrust, and Comodo. Maybe there is another you prefer more?

Security
  • Photo of Jim Michael

    1

     

     

    I'm a big fan of DigiCert. Great reputation, great customer support, great instructions. They are not the cheapest, and yes "a cert is just a number and shouldn't cost that much" (so some say) but realize that when you buy a cert you're also somewhat relying on the reputation of the certificate authority that signs your cert to vouch for your identity. it's not ALL about simply encrypting your site... It's about proving to visitor that "you are who you say you are."

    On the opposite end of the spectrum, the free LetsEnceypt project is finally up and running and it's now viable to get a real cert for nothing. It's not a great experience on IIS, yet, but can be done. https://www.coderamblings.net/archive/lets-encrypt-how-to-set-up-on-a-windows-server-and-help-make-the-web-a-safer-place/

    As for me, at least for my church main site I prefer to pay for one and get the support/reputation that come with it. 

    • Derek Mangrum

      Derek Mangrum

      I will add my vote to DigiCert. Amazing customer service. They make SSL about as easy as it can be. Very happy customer!

    • Photo of Jay Greentree

      0

      My church rents hosting through me and I have Lets Encrypt installed on my servers so we have free certificates.

    • Photo of Michael Garrison

      0

      Sorry I'm late to the discussion, but I wanted to throw in what we're using as I found it to be a good deal. I got a 5-year AlphaSSL wildcard cert from www.ssl2buy.com (sounds shady, I know) for $150 and have been extremely happy with it. It works for all of our subdomains and on multiple servers (that is, I'm using it on our dreamhost web server site (a linux server) as well as our self-hosted on-site Rock IIS server). You have to kind of know what you're doing to get it everywhere, but it wasn't too difficult to figure out.

    • Photo of Chris Go

      0

      Hi Jay, how did you get RockRMS to point to the acme-challenge file?  Can't seem to figure out the proper routes (and/or) IIS settings for RockRMS not to display a 404 on the acme-challenge portion (where Letsencrypt servers need to access this file) 

    • Photo of Chris Go

      0

      Hi Jay, thank you for your response!  I also have Plesk 12.5 and installed the extension but I think it is in the routing and/or the IIS web.config setting that I am getting stuck.  Here is my long new question: http://www.rockrms.com/page/278?question=1158

      Sorry, don't know how to thread the comments under your answer ... it just keeps adding a new entry :( 

      • Jay Greentree

        Jay Greentree

        I had to create the .folder manually and then set the permissions for the Plesk customer to read and read all. I no longer have access so I cant get exact step by step. Hope this gets you heading down the right direction.