by cptskippy 3554 days ago

> When this came up, the first thing I did was generate wildcard certs for our StartCom domains
A vendor you used comes under scrutiny so your response is to double down on them? Did you have prepaid credits or something? It seems like that would have been an opportune time to migrate away from them since you'd have to redeploy certs anyways.

With StartCom, once you've gone through the personal verification procedure you don't need to pay more money for new certs, nor wildcard ones.

So, no "doubling down" involved. Just a desire to have actually working certs before Mozilla's "to be announced" cut off date happens.

And then Apple comes along and (unless I'm misunderstanding) all of our certs will be useless. :(

You should get a refund from your cert provider.
> So, no "doubling down" involved

Continuing to use a CA that has a recognised history of fucking abysmal security and wilfully deceptive actions, whether you're paying money or not, is still "doubling down" IMO.

If you're getting a wildcard cert, you aren't getting EV, so why not just make the switch to LetsEncrypt?