On Friday, 21 February 2014 at 20:35:12 UTC, Dicebot wrote:
> On Friday, 21 February 2014 at 20:34:12 UTC, Walter Bright wrote:
>> dlang.org and dconf.org now support https,
>>
>> https://dlang.org
>> https://dconf.org
>>
>> Note that this is a self-signed certificate, and so when you first access it you'll get a dire warning from your browser.
>
> Why can't free startssl certificate be used?

The whole certification principle is about how much you trust who sign the certificate. I trust digital mas much more than startssl.

On Friday, 21 February 2014 at 20:46:05 UTC, Adam Wilson wrote:
> On Fri, 21 Feb 2014 12:40:29 -0800, Walter Bright <newshound2@digitalmars.com> wrote:
>>> Why can't free startssl certificate be used?
>>
>> I never heard of it.
>
> I don't think they allow it for anything other than personal use though.

Nope, they can be used for any purpose. All they do is verify you own the domain in question (not do the more rigorous confirmation of actual identity).

For $59.90 Walter could get a class 2 organization verification for Digital Mars and do code signing so we can get rid of that scary message when people run the installer. We use StartSSL for our code signing and website SSL and are happy with it.

On Fri, 21 Feb 2014 15:55:02 -0500, deadalnix <deadalnix@gmail.com> wrote:

> On Friday, 21 February 2014 at 20:35:12 UTC, Dicebot wrote:
>> On Friday, 21 February 2014 at 20:34:12 UTC, Walter Bright wrote:
>>> dlang.org and dconf.org now support https,
>>>
>>> https://dlang.org
>>> https://dconf.org
>>>
>>> Note that this is a self-signed certificate, and so when you first access it you'll get a dire warning from your browser.
>>
>> Why can't free startssl certificate be used?
>
> The whole certification principle is about how much you trust who sign the certificate. I trust digital mas much more than startssl.

The problem is not who deadalnix trusts, it's who the browser trusts.

I agree with others here, it should not be self-signed. It should be either unencrypted, or a trusted CA certificate.

-Steve

On Friday, 21 February 2014 at 20:55:04 UTC, deadalnix wrote:
> On Friday, 21 February 2014 at 20:35:12 UTC, Dicebot wrote:
>> On Friday, 21 February 2014 at 20:34:12 UTC, Walter Bright wrote:
>>> dlang.org and dconf.org now support https,
>>>
>>> https://dlang.org
>>> https://dconf.org
>>>
>>> Note that this is a self-signed certificate, and so when you first access it you'll get a dire warning from your browser.
>>
>> Why can't free startssl certificate be used?
>
> The whole certification principle is about how much you trust who sign the certificate. I trust digital mas much more than startssl.

Wrong. Don't confuse PGP with SSL, latter has nothing to do with trust in its current form.

On 2/21/2014 12:57 PM, Brad Anderson wrote:
> For $59.90 Walter could get a class 2 organization verification for Digital Mars
> and do code signing so we can get rid of that scary message when people run the
> installer. We use StartSSL for our code signing and website SSL and are happy
> with it.

Would that work for all the websites? I.e. digitalmars.com, dlang.org, etc., or would it be a separate charge for each?

On Friday, 21 February 2014 at 21:37:39 UTC, Walter Bright wrote:
> On 2/21/2014 12:57 PM, Brad Anderson wrote:
>> For $59.90 Walter could get a class 2 organization verification for Digital Mars
>> and do code signing so we can get rid of that scary message when people run the
>> installer. We use StartSSL for our code signing and website SSL and are happy
>> with it.
>
> Would that work for all the websites? I.e. digitalmars.com, dlang.org, etc., or would it be a separate charge for each?

The one cost and you could cover everything. StartSSL is novel in that all they do is verify your identity then let you generate as many certificates as you want. Most other CAs charge on a per certificate basis. I'm pretty happy with StartSSL apart from their terrible website.

On 2/21/14, 12:34 PM, Walter Bright wrote:
> dlang.org and dconf.org now support https,
>
> https://dlang.org
> https://dconf.org
>
> Note that this is a self-signed certificate, and so when you first
> access it you'll get a dire warning from your browser.

At this point I'm just repeating what others have already said, but self-signed is seriously unprofessional.  It's worse than not having https from a reputation standpoint.

On Friday, 21 February 2014 at 21:37:39 UTC, Walter Bright wrote:
> Would that work for all the websites? I.e. digitalmars.com, dlang.org, etc., or would it be a separate charge for each?

Any certificate is tied to domain or masked domain. Covering both *.digitalmars.com and *.dlang.org with same certificate is impossible.

On 2/21/2014 4:39 PM, Brad Anderson wrote:
> On Friday, 21 February 2014 at 21:37:39 UTC, Walter Bright wrote:
>>
>> Would that work for all the websites? I.e. digitalmars.com, dlang.org,
>> etc., or would it be a separate charge for each?
>
> The one cost and you could cover everything. StartSSL is novel in that
> all they do is verify your identity then let you generate as many
> certificates as you want. Most other CAs charge on a per certificate
> basis. I'm pretty happy with StartSSL apart from their terrible website.

This is true (I do it on my server, hosting a couple domains ATM).

However, unless they've changed it since I last looked, you can't do subdomains (other than www.*) with their free cert.

On 2/21/2014 3:57 PM, Brad Anderson wrote:
>
> For $59.90 Walter could get a class 2 organization verification for
> Digital Mars and do code signing so we can get rid of that scary message
> when people run the installer. We use StartSSL for our code signing and
> website SSL and are happy with it.

I think it's pretty much standard practice in the Windows world to ignore that warning. I've seen very little software that does bother with that code signing.