Any experience with StartSSL class 2 certs?


7

I am interested in buying a cert to sign my binaries as well as web server cert. https://www.startssl.com/?app=2 seems to provide it at decent price, but I am not sure if this is a reliable company.

They are looking for passport/company registration information before they can issue cert. Their website looks crappy and their help email bounces..reducing my confidence.

Has anyone in this forum dealt with them for class 2 certs?

What are other reliable cheap alternatives?

Ecommerce

asked May 5 '11 at 13:22
Blank
Jewelthief
151 points

10 Answers


8

Googling StartSSL together with common hot words for trouble -- like "scam", "fraud", "review", "security" -- doesn't seem to bring up anything too onerous. But don't take my word for it, do your own background check.

That said, the big suppliers of SSL certificates are pretty much guaranteed to be pre-installed in all browsers, including the mobile ones. The same can't quite be said for smaller certificate authorities. So it might make sense to hunt around for Comodo, Thawte & GeoTrust certificates (no special ordering) on the cheap. Here is a little secret for you, it is often possible to find the brand-name certificates for cheap from other resellers.

Here are some resellers:

Feel free to google around for reviews of the above resellers, and for alternatives -- f.x. google "cheap Comodo certificates" or something like that. Also look at your hosting provider, quite often the web hosting provider has special bundle deals available.

One good tip: When you are done, I would recommend you to use the online test tool at Qualys SSL Labs. It can connect to your site, and tell you quite a lot about how the SSL is set up, including the certificate chain of trust and revocation state -- which is very handy as a troubleshooting & test tool.

answered May 5 '11 at 17:05
Blank
Jesper Mortensen
15,292 points
  • Thank you very much Jesper! – Jewelthief 13 years ago

2

I don't think StartCom / StartSSL is worthy of your trust. My reasoning:

For validation they require a scanned passport and drivers license. Information like this is very sensitive as it can easily be used for identity theft, for instance to acquire a loan in your name.

As a principle, I watermark these documents with the name of the company I supplied them to. They are still perfectly legible but this way, they can no longer be used for identity theft.

Startcom is unwilling to process these watermarked documents because they 'could be forged' (not because they were unreadable or anything like that). Imagine that. Any digital image I send 'could be forged', of course. Adding or not adding a watermark changes little on that account.

And where is the business case on their end? Why do they need (or even want) documents that can be used for Identity Theft? And why won't they process documents that are clearly suited for their purpose of identification?

The only reasons I can think of is that they are either very naive in their security thinking or worse, that they have plans for your documents where the watermark would get in the way. Makes me wonder...

Also please take note that they have been hacked in the past (and admitted to that) so why trust them with you identity in this way?
http://www.theregister.co.uk/2011/06/21/startssl_security_breach/ Bas

answered May 24 '12 at 20:34
Blank
Bas
21 points

1

As per Jesper's answer, I had a very good experience with K Software (http://ksoftware.net/ ) - they are reseller for Comodo and seem to offer a good level of discount. In fact, most of my dealing after paying were with Comodo directly - expect to have to jump through a load of hoops to get any such cert because it basically says that you are who you say you are, and the issuing company is in some sense vouching for you.

HTH.

answered May 5 '11 at 19:50
Blank
Steve Wilkinson
2,744 points

1

We use StartSSL at a medium sized university. All staff and students who log in to our Portal (which all students have to do) use the cert. So far, we have had zero issues. Customer service has been excellent. Do be prepared to actually validate. Who you claim to be to qualify for class 2.

answered May 6 '11 at 00:57
Blank
Joshua
11 points

1

By far the WORST SSL provided I have ever dealt with. They require way more information then is presented on thier ordering page. Repeatedly asked me for additional CONFIDENTIAL information. Poor english spoken. Difficult to deal with. RUDE RUDE RUDE employees. STAY AWAY - You can find better service somewhere else.

answered Sep 22 '12 at 09:23
Blank
Greg
11 points

1

Basically in order to get StartSSL Organization verification (and certificates) you have to go through personal verification (and pay US$ 59.90) and only then you are allowed to proceed with Organization verification.
But personal verification payment is "non-refundable" and they can delay Org. verification for as long as they like to and with any reason whatsoever till you will go elsewhere for your certificate.
In my case they selected one of the lawyers on documents Apostille (on even on the main corp. documents) and "we trying to call him" for more than a week. Right now I have to go back to Comodo (was using it for 4 years before) for the real certificate and cancel my payment with the bank - waste of time and money!
If you are looking for this kind of "entertainment" - try it yourself.

answered Nov 10 '11 at 08:14
Blank
Max.T
11 points

0

We use them for all our certificates. Perfect pricing, very helpful company, now a root CA with all the major browsers and their support is second to none. It is common enough for a company to ask for personal as well as corporate identity before issuing certificates so there is nothing unusual there. Hope that helps.

answered May 5 '11 at 21:43
Blank
Rob Hall
1 point

0

Used them for class 2 for two years now, I havE always had excellent service from them, and the support is superb.

answered May 6 '11 at 05:49
Blank
Mike
1 point

0

i am using startssl class 1 "free" and i am very satisfy for simple https going green validation !! i recommend !!! but its trick and you must have some knowledge on ssl certificates setup to have a great experience !!

answered Mar 11 '15 at 18:45
Blank
jrxpress
1 point

-3

Have to agree with StartSSL being rude and seems almost like a scam for the class 2 certificate. I advise using someone else that has decent customer service.

answered Nov 21 '13 at 03:14
Blank
Start Ssl Awful
1 point
  • Better to simply state that you had a bad experience with startSSL vs. creating an account simply to trash them. Would suggest editing your answer with additional details. Sharing what experiences you had and what alternatives you considered / went with would help others understand your position. – Jim Galley 10 years ago

Your Answer

  • Bold
  • Italic
  • • Bullets
  • 1. Numbers
  • Quote
Not the answer you're looking for? Ask your own question or browse other questions in these topics:

Ecommerce