Switched away from StartSSL, back to CACert certificates (and then to Comodo)


Update: Forget that fingerprint down there, the correct one is now on a cert from Comodo and reads like:



After the Heartbleed bug and having to regenerate all my certs, I went back to CACert certificates. Why? Because StartCom turned out to be wankers about the whole thing and handled themselves really badly.

No beer from the beer volcano for you.

PS: I’m still a CACert assurer in case you need your identity assured. This whole CACert shit has been working a lot better than anything the CA industry has come up with. I actually trust those nerds a little, I don’t trust the CAs in any way at all.

Update: The CACert auditing process seems to have stalled (?), so it looks like they won’t be included in major products for some time still. I still very much like the idea of a decentralized peer-to-peer CA, but it would mean I’d have to explain to my friends that accepting an “invalid” certificate is fine in my case, something I don’t want to do.

Yes, I know that is one of the root problems of the whole SSL architecture, but well. I gave in and spent some money with Comodo for a wildcard cert. I got it for around $60/year at CheapSSL, that’s an OK price, I think. The whole CA business is still broken, but here we are.

The correct fingerprints for psy-q.ch are now:

44 A5 29 62 23 33 B5 96 94 B1 A7 19 8A 5F AB B1
AB EF 73 79 38 B3 86 03 F1 6E AD 8C 05 5A 2A 2F

29 5C 43 69 31 1C 76 34 0F 3C 58 8E 00 17 DD 14
96 6F 6A 8A

Sorry for moving back and forth like that! I promise not to do that again unless something like Heartbleed happens again.

3 thoughts on “Switched away from StartSSL, back to CACert certificates (and then to Comodo)”

  1. Let’s Encrypt does not support cPanel and Apache, so that’s a drawback in my view. One more big issue with Let’s Encrypt is that it is valid for 60 days and then there is a renewal process. I would recommend a 1-year DV SSL certificate as better than this; at least I will stay away from the 60-day renewal process. What do you say?


    1. Of course Let’s Encrypt certs can be used in Apache. There isn’t cPanel integration yet, but you are welcome to develop that 🙂 The certificates automatically renew before the 60 day period is over, so that’s not an issue. Keep in mind Let’s Encrypt is still in beta, there is room for improvement before it becomes final. And I approved your comment even though you’ve put a certificate company in your URL. We all see what you did there 🙂

