Need a free SSL or mail certificate?
by Volker Weber
If you need a free Class 1 SSL or mail certificate, StartSSL is the way to go now. Thawte is closing down their freemail certificates, and Microsoft has just published a root certificate update which includes StartSSL root certificates. Other browsers and mail clients have had them for a while. So does Mac OS X:
If your visitors or mail receivers have the valid root cert, they will not be prompted to verify your certificate, a problem you often face with CAcert certificates.
More > (in german)
Comments
Huh? Thawte is closing their freemail certificates? Where did you get that information? I could not find any limitation on their homepage.
@Ulf:
see
https://search.thawte.com/support/ssl-digital-certificates/index?page=content&id
=SO12658
Was there a notification to the notaries? I don't remember any.
I have a freemail certificate and I got an expiry notice, but I just thought I had to renew it (not done it yet)...
---
Expiry Date : 11/18/2009
Dear Alex Boschmans,
Your current thawte Personal E-mail Certificate/s are due to expire soon, details thereof as above.
If you would like to continue to use a thawte Personal E-mail Certificate, please request a new one, using your thawte ID and password to access your Personal E-mail Certification Account by logging in here.
thawte offers the following products in our SSL certificate range:
blablabla
---
Christopher: I am a Thawte Notary and got a notification of the shut-down on Thursday. Verisign are "giving away" a one year mail certificate to notaries, presumably in the hope that after a year we will forget the betrayal and start paying them money for nothing.
Alex: That's just the usual notice. Don't bother renewing; they are revoking the root authority in November.
Thanks, Simon, I am a notary too, just as vowe is, but I didn't get any notification. Maybe they aren't done sending them out yet.
I'm also a Thawte Notary and also got no notofication, anyway.
Sad, that you here only get Class 1 free and Class 2 (or Class 3) costs (even if they only cost 29,- anual fee) and even to become a StartSSL Notary you have to pay for the Class 2 Certificate. Understandable, but not necessary.
I'm also a Thawte notary and got no notification.
Anyhoo, I decided to try one of these StartSSL free certs on a Domino server - just to see if it works.
Skipped the first step in the process (generate private key) as Domino creates its own keyring and generates a certificate signing request.
Pasted the Domino CSR into the StartSSL Submit Certificate Request form and got this response:
MD5 Signature Algorithm Detected
* Your certificate request was created with a potentially weak signature algorithm.
* For more information please see this FAQ item.
* Please change the signature algorithm to SHA1 or better, create a new CSR and try it again!
This is on a Domino 8.0.1 server.
Anyone know if 8.5 or 8.5.1 implements a more secure signature algorithm for SSL?
Almost 2 weeks later I just got mail from Thawte about the discontinuation. They seem to be really slow with sending out their mails.
I am a Thawte Freemail user and a StartSSL notary. For Class 2, you don't *have* to pay if you are approved by an existing notary. Class 1 is still normal Freebies just like thawte. The only time that StartSSL asks that you pay for Class 2 is if you're wanting it *now* for professional reasons or if you want to be a Notary in a place where notaries aren't convenient.
So there are free options should you pursue it...
And today I finally have my notification from Thawte. Slow is right.
Me too. Strange. Can’t say I’ll miss the Notary process though; I got quite a lot of stick from strangers wanting me to travel all over the place for them.