# EFF Certificate Authority - Free SSLs! - Let's Encrypt



## Steven F (Nov 18, 2014)

https://www.eff.org/press/releases/new-free-certificate-authority-dramatically-increase-encrypted-internet-traffic

https://letsencrypt.org/

 

They're releasing their own certificate authority that will allow for free SSLs. What do you all think? I'm looking forward to it. I hope they release "premium" SSLs (like EV), which would be a great way to support the EFF and get an SSL.


----------



## MannDude (Nov 18, 2014)

Good for them. As long as they're recognized by browsers, it'll be great.


----------



## splitice (Nov 18, 2014)

I strongly approve.


----------



## mojeda (Nov 18, 2014)

Awesome.


----------



## k0nsl (Nov 18, 2014)

/me lieks  :wub:


----------



## HalfEatenPie (Nov 18, 2014)

I wonder what the other CAs would do (the ones that make you pay). Maybe have better encryption algo? Or maybe focus more on background-checks and make sure they're able to provide detail on who they are via the cert?

I don't know...


----------



## yomero (Nov 19, 2014)

MannDude said:


> Good for them. As long as they're recognized by browsers, it'll be great.



Yep, but personally I don't think that will happen anytime soon. Mozilla, ok, Chrome, maybe? IE??? Hmmm... (Hint: CAcert).


----------



## splitice (Nov 19, 2014)

I don't see a problem with it being accepted. It's probably the primary reason for the 2015 release (technically it's not complex to run a C.A).

The main risk I see is easy access to certificates for impersonation, but I am sure they work around this through stringent validation of authorized domains (e.g. restriction to domain contacts).


----------



## sv01 (Nov 19, 2014)

Let's hope they don't end up like *affirmtrust*.com, never launching to the public.


----------



## comXyz (Nov 19, 2014)

I still use StartSSL for my small websites. For me it's good enough.

Sure, I will check it out when it releases to the public ^_^


----------



## raindog308 (Nov 19, 2014)

Steven F said:


> https://www.eff.org/press/releases/new-free-certificate-authority-dramatically-increase-encrypted-internet-traffic
> 
> https://letsencrypt.org/
> 
> ...



Even a "normal" cert with an optional donation.


Yes, I'd pay $5 or $10 to get my SSL from EFF as opposed to a commercial vendor.


----------



## drmike (Nov 19, 2014)

Steven F said:


> https://www.eff.org/press/releases/new-free-certificate-authority-dramatically-increase-encrypted-internet-traffic
> 
> 
> 
> ...


Awesome! Please bring it to market.

And thank you @Steven F for posting about this.


----------



## switsys (Nov 19, 2014)

Nice with another free CA.

Let's see if this one carries more weight than the former one.


----------



## Abdussamad (Nov 19, 2014)

HalfEatenPie said:


> I wonder what the other CAs would do (the ones that make you pay). Maybe have better encryption algo? Or maybe focus more on background-checks and make sure they're able to provide detail on who they are via the cert?
> 
> 
> I don't know...


They're partnering with an existing CA from the old guard, so there must be some plan. According to this article they are trying to make it easier to get and install a cert. If you have root access to your server, you run their script and it acquires the cert and does the server configuration for you. But most people are on shared hosting where they don't have root access, so how will they get a free cert? Perhaps they can't, and that is how IdenTrust keeps its market for commercial certs.


----------



## lbft (Nov 19, 2014)

The commercial vendors can offer a couple of things that a free cert can't:

- Those dumb little logos you can put on your site, that when clicked on give assurance that the site can be trusted and mention an impressively large sounding insurance policy that has never paid out in the history of the universe. Customers of e-commerce sites love them even though they don't mean anything.
- EV certs: nobody is going to give away EV certs for free. As more sites have regular certs (and browser chrome gives EV certs more emphasis) there'll be a shift towards EV certs which are a lot more profitable.


----------



## Wild1145 (Nov 20, 2014)

It would be good if everyone was using https, just as peace of mind for those that are not as internet savvy, but in all fairness, Cloudflare offers a secure connection now between the client and Cloudflare, and that's enough for some people.


----------



## fixidixi (Nov 20, 2014)

"you run their script and it acquires the cert and does the server configuration for you"

Well, ain't gonna happen.

@max: it'll grab the cert and download it to the VPS, then. Well, stops, as I'm going to use that cert as I see fit.


----------



## splitice (Nov 20, 2014)

It's an open protocol for requesting certificates. It's quite nice actually, currently working on a PHP client.


----------



## TurnkeyInternet (Nov 25, 2014)

This would be a great thing if it makes it to market and is compatible - I think automation is the key, GlobalSign with its 1-click for instance saves so much time it's worth paying for over 'free' if you are the hosting company. But it's hard to argue with free!


----------



## fixidixi (Nov 25, 2014)

My question is how are they going to handle verification:

a) if it's a pain in the *swearword* then, well, it's still not that easy to get

b) then all sorts of idiots are going to misuse it..

Well...


----------



## SentinelTower (Dec 8, 2014)

splitice said:


> It's an open protocol for requesting certificates. It's quite nice actually, currently working on a PHP client.


Does this mean that we will be able to get the certificate and install it by ourselves, or will the install software be mandatory?


----------



## splitice (Dec 8, 2014)

@SentinelTower Well if you trust someone else to run the certificate generation client they could do it for you, but in all likelihood the EFF may offer a web interface or something in addition to the open protocol for requesting certificates.


----------



## SentinelTower (Dec 8, 2014)

splitice said:


> @SentinelTower Well if you trust someone else to run the certificate generation client they could do it for you, but in all likelihood the EFF may offer a web interface or something in addition to the open protocol for requesting certificates.


Being able to submit our CSR via a web interface would be neat, while having to run their client sounds like a no-go for me.


----------

