Why do SSL certificates cost so much? Shouldn't they be free?
>>51316832
google letsencrypt
free certs
>>51316832
there was a free option from a newcomer company. don't recall their name at the moment, though
you can sign your own certs but would prompt your site as insecure
>>51316848
Letsencrypt is only "free" right now if you've participated as a developer in their beta.
>>51316832
you can make your own for free but then all "modern" browsers will block your site with a huge popup saying your site is not safe, effectively creating a normie barrier (it happened to me when sharing some stuff with friends thru owncloud)
>>51316860
startssl
they have been around for a few years though
>>51316868
Source.
They said it would be free for everyone. It's the whole purpose of Lets Encrypt.
>>51317024
it not being free right now doesn't mean it won't be free eventually
>>51317066
It's not even available at all right now. It's schedule for next week.
but they are free
getting them signed by a CA costs money
but actually makes the whole excercise fucking pointless when your browser implicitly trusts a list of companies you have never fucking heard of.
lets start a revolution /g/, it's time.
everyone should tell CA's to get to fuck and we should self sign certificates. force users to read the certificate and confirm that they trust the issuer.
If anybody could get a free certificate couldn't fraudulent websites use them to spoof themselves?
Like I could make a Lets Encrypt certificate for "Microsoft Inc" and then make fake login pages for people to drop in their info thinking it's legit.
>>51317185
Horrible idea. Self-signing only works if *you* can verify that the cert is coming from the site that it claims to be coming from. Anyone can make a cert that says anything there's nothing forcing certs to be legitimate if not for CAs.
>>51317250
You could make a cert for your fake site "microsoft.dicks" but it would say it was verified by "Lets Encrypt" which would be suspicious and would probably tip off someone.
>>51317066
>>51317097
I enrolled in the beta.
I already have my cert. (their script is a cunt and does way more things on our machine ass root than it should)
>>51317250
Nobody would trust a CA that signs certs for people without checking them out first.
To get an ACME registrar (like letsencrypt) to sign such a cert, you'd need to make microsoft's domain resolve to your machine.
>>51317250
>"Microsoft Inc"
you can't do that since they don't include entitiy details (corporate or personal name) in the certs
but you could still make microsaft.com.uk or some shit
What I don't get is why there isn't encrypted but unauthorised https now.
Like, with ssh you just get a server hash and check it yourself.
Now, that'd give you a warning despite being better than plain old http.
>only sites that aren't https are porn sites
Is this an NSA ploy so they can see I jack off to nip girls who puke on squid then eat them live?
my domain registrar gave me a free ssl cert.
don't all of them do that?
>>51317427
drtuber is https AFAIR.
Probably the only one I've used, anyway.
I am using a self signed cert for rutorrent. You can easily add your cert as trusted in the settings of your browser.
>>51317422
>What I don't get is why there isn't encrypted but unauthorised https now.
Nobody with the power to get that done wants it.
ISPs, governments etc.
>>51316901
Revoking your cert costs a ton of money with them. It's just as bad business as making the cert itself cost a ton of money.
Fucking basement-level security measures shouldn't cost jack shit. Fucking internet capitalism. SSL should just be the default everywhere, fuck plain HTTP.
>>51317815
I'm quite new to this, can you explain why one would revoke an ssl cert? Can't you just let them expire?
http://www.cacert.org/
Of course, users need to add their certificate in their browsers, which is something many users will not do. They are the ones that don't care about encryption anyway.
>>51317907
people could impersonate you if they got ahold of your certificates
