www.startssl.com better than I thought

Melbosa · April 08, 2013, 07:08:41 PM

KeePass is handy for that. I've also used LastPass and at my client sites I've been using TeamPass in a VM. All great products!!!!

Tom · April 08, 2013, 07:11:50 PM

Quote from: Lazybones on April 08, 2013, 06:10:06 PM
I use a keypass password database encrypted with a strong password stored and replicated via Dropbox . It supports file attachments so I keep a copy of the cert and its pass phase in there.

If all my client PCs are wiped out I just download keypass again (keep a copy in Dropbox just in case) mount my database and re-install the cert.

But how to you protect against the keepass db being lost or accessed? Gotta keep it in other locations, and secure it with more encryption!

Lazybones · April 08, 2013, 07:23:32 PM

Keepass databases are very secure and can take a very long passphase.

Dropbox leaves a copy of your DB local and in Dropbox. It is unlikely you would loose access to both at the same time and also suffer a disaster event at te same time. Most of what I have in Dropbox is recoverable by some form of reset which is inconvenient

Remember the suggestion was to have a way to recover your personal cer which will also be in your browser or OS key store for daily use. You would have to loose your local key store, local Dropbox and online Dropbox all at the same time to have lost the key for good.

Lazybones · March 31, 2014, 12:08:40 PM

So I logged in to renew my cert (personal key for the site worked perfectly) and screwed up during the signing process loosing private key.. Turns out there is a $24 USD revocation fee on the free certs...

It is actually cheaper for me to pay for a new cert with unlimited revoke from another provider than to revoke my free one... BOO so much for free.

Guess I will use the fairly cheap basic SSL service from domainsatcost.ca .

Melbosa · March 31, 2014, 01:12:02 PM

Company has to make monies somehow

Lazybones · March 31, 2014, 01:21:54 PM

Quote from: Melbosa on March 31, 2014, 01:12:02 PM
Company has to make monies somehow

If their revoke fee is higher than the UNLIMITED revoke that comes with a new service offered by MANY competitors they are doing it wrong. If revoke was cheaper than a full cert (elsewhere) I would have just revoked. IE this actually cost them money as their PAY service is more expensive than many others.

Melbosa · March 31, 2014, 01:27:48 PM

Whatever... they are still in business so they have to be doing something that people pay for

. At least you found out why to go somewhere else

.

Lazybones · March 31, 2014, 01:34:37 PM

Quote from: Melbosa on March 31, 2014, 01:27:48 PM
Whatever... they are still in business so they have to be doing something that people pay for . At least you found out why to go somewhere else .

Point was they failed on conversion which is a major topic in retail and online business. If they where smart they would have had an automatic option that on the free service the revoke link triggers a one time promo code to get FULL service CHEAP, thus getting money, and drastically increasing the chance I would just renew with them in the future.

Amazon and several other online retailers to a great job of this.

Tom · March 31, 2014, 03:26:14 PM

I find their setup is just annoying enough to just make me buy a cert from namecheap.