<div dir="ltr">We use DigiCert at work and haven't ever had any issues. I actually really like their support and information they have in their help section.<div><br></div><div>Personally, I use <a href="http://letsencrypt.org">letsencrypt.org</a>. The official client is awful, but this one is great -- <a href="https://github.com/hlandau/acme">https://github.com/hlandau/acme</a></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Mon, Jan 30, 2017 at 3:08 PM, Brian W. Neu <span dir="ltr"><<a href="mailto:ale@advancedopen.com" target="_blank">ale@advancedopen.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Randomly logged into my StartCom account today to see all kinds of red text about free verifications and expirations and workarounds.<br>
<br>
Through a little reading, it's clear that the Mozilla Foundation and Google have both announced that they are distrusting the StartCom and WoSign CA's due to deceptive practices unbecoming of a certificate authority. The short story is that WoSign, a Chinese company claiming 70% of the certificate market in China, was allowing for the backdating of new SHA1 signings to avoid some kind of sunset imposed by Microsoft and others. WoSign also acquired StartCom in 2015, and purposely hid this from the public, even denied it to the Mozilla Foundation until irrefutable evidence surfaced.<br>
<br>
Looks like StartCom is trying to mitigate damage by spinning off as a separate entity, but what a disaster! Any alternative CA's led by non-shady businessmen? Comodo?<br>
<br>
<a href="https://blog.mozilla.org/security/2016/10/24/distrusting-new-wosign-and-startcom-certificates/" rel="noreferrer" target="_blank">https://blog.mozilla.org/secur<wbr>ity/2016/10/24/distrusting-<wbr>new-wosign-and-startcom-<wbr>certificates/</a> <br>
<br>
<a href="https://en.wikipedia.org/wiki/StartCom" rel="noreferrer" target="_blank">https://en.wikipedia.org/wiki/<wbr>StartCom</a><br>
<br>
<a href="https://www.thesslstore.com/blog/wosign-startcom-separated/" rel="noreferrer" target="_blank">https://www.thesslstore.com/bl<wbr>og/wosign-startcom-separated/</a><br>
<br>
<a href="https://security.googleblog.com/2016/10/distrusting-wosign-and-startcom.html" rel="noreferrer" target="_blank">https://security.googleblog.co<wbr>m/2016/10/distrusting-wosign-<wbr>and-startcom.html</a><br>
<br>
______________________________<wbr>_________________<br>
Ale mailing list<br>
<a href="mailto:Ale@ale.org" target="_blank">Ale@ale.org</a><br>
<a href="http://mail.ale.org/mailman/listinfo/ale" rel="noreferrer" target="_blank">http://mail.ale.org/mailman/li<wbr>stinfo/ale</a><br>
See JOBS, ANNOUNCE and SCHOOLS lists at<br>
<a href="http://mail.ale.org/mailman/listinfo" rel="noreferrer" target="_blank">http://mail.ale.org/mailman/li<wbr>stinfo</a><br>
</blockquote></div><br><br clear="all"><div><br></div>-- <br><div class="gmail_signature" data-smartmail="gmail_signature">James Sumners<br><a href="http://james.sumners.info/" target="_blank">http://james.sumners.info/</a> (technical profile)<br><a href="http://jrfom.com/" target="_blank">http://jrfom.com/</a> (personal site)<br><a href="http://haplo.bandcamp.com/" target="_blank">http://haplo.bandcamp.com/</a> (music)</div>
</div>