A couple of years ago I knocked up a website for my brother to sell a few items from and he also hosts pictures which he uses to link back to in his eBay descriptions.

He’s now asking me to sort him out with a a secure site as Chrome is displaying insecure site to his visitors and eBay have said he can’t link back to a non secure site.

Can anyone recommend where to buy a cheap SSL certificate that will allow him to use https and keep Chrome/eBay happy (and of course his visitors data secure)?

Thanks.

Erm how about Lets Encrypt ..free

https://letsencrypt.org/

GoDaddy usually come up well on price.

https://uk.godaddy.com/web-security/ssl-certificate

I was going to say LetsEncrypt too.

GoDaddy usually come up well on price.

Yeah, there’s a reason for that.

Yup LetsEncrypt works fine for me

SSL certs typically verify that you’ve both connected to the domain you thought you had and that the domain is controlled by who you think it is.

Let’s Encrypt only does the first of those.

So it’ll stop Chrome/eBay complaining but won’t necessarily protect his visitors.

Yeah, there’s a reason for that.

I spent many years in the industry selling SSL certs. Anyone telling you that EV certs etc…. are REALLY protecting the consumer has fallen for the “it costs loads so must be good” trap.

SSL is there to encrypt your stuff end to end. Lets Encrypt enables this as well as anything else.

@ajaj

It will fit the requirement though.

letsencrypt FTW.

Set up a free Cloudflare account -content delivery network service – and you can set have a free SSL certificate.

It’s what I use on the website where I sell my girlfriend’s pants to perverts.

http://www.splooshpanties.com

RIP Startcom 🙁

Letsencrypt BUT it does depend on your host as it needs to be renewed every 3 months I think. Some hosts can do this automatically but others such as Godaddy won’t and you have to do it by hand which is just too painful. Check on their site first if your host is supported

SSL is there to encrypt your stuff end to end. Lets Encrypt enables this as well as anything else.

It depends on the situation, a very important part of SSL/TLS cert usage can be validating who you are connecting to. Sure, the OP just sounds like he needs a fudge to satisfy an eBay linking requirement but that’s generally not the use case for SSL certs.

It depends on the situation, a very important part of SSL/TLS cert usage can be validating who you are connecting to.

“It depends on the situation, a very important part of SSL/TLS cert usage can be hoping that the certification authority have made a decent job of validating who you are connecting to which from my many years of experience they rarely do.

I guess it depends if we’re talking about the main CAs or the mickey mouse ones doing things on the cheap. I certainly wouldn’t trust a mickey mouse CA for validation

I guess it depends if we’re talking about the main CAs or the mickey mouse

I benchmarked and checked most of the root cert providers. Basically, if you want a certificate you can get one you just have to work a bit harder on the verification processes when buying from the main players. They are there to make money first and protect the public second. The flaws are in the documentation required to check an organisation and the process they go through to check it, particularly off-shore (think USA big provider checking UK small business).

But the most massivest flaw ever is that nobody checks a certificate on going to a website. Who here checks every day that the SSL cert for bbc.co.uk is actually owned by the BBC? A certificate simply says that company X owns domain Y. It is 100% valid for “Dave’s dodgy motors” to have an EV certificate for ferrari.co.uk if he owns the domain.

Trust me as one who was in this industry when Verisign were making shedloads of cash that it was invented for the industry not the consumer. Lets Encrypt turned the model on its head and as a result we are actually more secure as more sites can now implement SSL and the likes of Google can start to mandate it.

I guess it depends if we’re talking about the main CAs or the mickey mouse ones doing things on the cheap. I certainly wouldn’t trust a mickey mouse CA for validation

But it’s not a question of who you trust, it’s a question of who your visitors are prepared to trust, and your visitors will trust whatever their browser is configured to trust by default. From this point of view, there’s no difference between a free certificate from Let’s Encrypt and a paid-for cert from any other provider (unless you’re talking about an Extended Validation cert where the company’s name is shown in the green box, but they’re not very common).

My company provides free SSL as part of its standard hosting accounts: you just hit a button in the control panel and it automatically gets a LE cert and renews it when necessary. Not reason not to.

It is 100% valid for “Dave’s dodgy motors” to have an EV certificate for ferrari.co.uk if he owns the domain.

Yes, although the name shown in the address bar for an EV cert should be the company name so it *should* say “Dave’s Dodgy Motors Ltd.”

https://www.sslforfree.com/

Been using this for most of the year. No problems so far.

It’s what I use on the website where I sell my girlfriend’s pants to perverts.

http://www.splooshpanties.com

Is that actually your website? 😆

I use https://www.ssls.com/

Excellent easy to use website, great support (I bought the wrong one and they had it cancelled and refunded in minutes) and great prices. Have bought stacks from them.

Highly recommended.

It’s what I use on the website where I sell my girlfriend’s pants to perverts valued paying customers.

FTFY. Your marketing skills need a bit of work.

Check with your hosting / DNS provider.. some do them for free (1and1 for example).

Nah, be cool if it was