[Discuss] Who sells the least expensive SSL certs right now?

Edward Ned Harvey (blu) blu at nedharvey.com
Tue Dec 23 12:55:50 EST 2014


> From: John Abreau [mailto:abreauj at gmail.com]
> 
> It was asserted in the bugzilla page that startssl refuses to issue a new
> certificate until you revoke the old one, and that in combination with their
> typical response times, this results in at least 5 days' downtime when
> replacing an old startssl-issued certificate with a new startssl-issued
> certificate.

The part about typical response time being "at least" 5 days (or even on the order of days) is both inaccurate and inflammatory.  So apparently the random-guy-complaining-on-internet who wrote that pearl of wisdom has some personal bias, and should not be trusted at his word.  (Surprise, surprise).

In reality, based on my numerous personal experiences with them, "Typical" is actually a few seconds.  About 95% of the time, I submit a CSR and have the cert a few seconds later.  But they have a random screening process whereby you might be subjected to "additional" security checks - they might call you or email you, or do some non-interactive checks to confirm your identity, such as simply looking for your name and address to match some public directory.  This typically is completed in less than an hour, but they say it could take up to 5 hours.  I have done these steps at all hours of the day, and on weekends and holidays.  They maintain these timeframes 24/7.

It is true that you can't get the new cert while the old cert is still valid.  (The earliest you can renew is 2 weeks before the old expires).


More information about the Discuss mailing list