⬆️ ⬇️

StartCOM: Certificate Transparency, Free * EV SSL Certificates

* (verification itself to EV level remains charged)







The liberalization of the global PKI infrastructure has not passed by the sixth largest certifying center StartCOM, beloved by many for its “unconventional” pricing policy.



As is known, the business model of the Israeli company StartCOM is different from other certification authorities: the client only pays for human labor, while the machine labor (automated processes) is free for the client. Also, StartCOM has 4 levels of identification, while issuing certificates “inside” the certification level is unlimited and free (because issuing the certificate itself is a fully automatic process, but checking the customer data is not always possible to charge the machine).

')

Previously, these rules applied to all identification classes, except EV: for each new certificate it was necessary to pay an additional 49.90 US $. Now this fee is canceled , when the EV level is reached, the client can issue an unlimited number of certificates corresponding to the EV data. The price of EV identification has remained unchanged at US $ 199.90.



According to CEO StartCOM Eddy Nigg:

HTTPS with “low-level” DV SSL is becoming the new standard of the Internet, gradually replacing plain text 'HTTP'; accordingly, the new 'HTTPS' (which should stand out just as the fact of an SSL connection was highlighted 15 years ago - note of the transfer) should be protected by EV SSL. We recognize the importance of EV SSL as a standard for most commercial sites and resources that work with user-critical information.




Another important news was the introduction of Certificate Transparency - a new standard that corrects flaws in the PKI system and is designed to combat the issuance of fake certificates for domains by maintaining issue logs. Information about the entry in the public journal is embedded in the certificate; The browser (currently only Chrome) will not display a “green bar” without this information, even for an EV certificate.

At the same time, unlike Google / Chrome requirements, StartCOM will keep logs for all issued certificates (and not just EV) on 3 different servers.



Also, in case someone from the Habrovchan community missed, StartSSL now has a new, modern design and the opportunity to receive Class 1 certificates for subdomains.

Source: https://habr.com/ru/post/280768/



All Articles