What Certificate provider do you use?

  • DNS Benchmark v2 is Finished and Available!
    Guest:
    That's right. It took an entire year, but the result far more accurate and feature laden than we originally planned. The world now has a universal, multi-protocol, super-accurate, DNS resolver performance-measuring tool. This major second version is not free. But the deal is, purchase it once for $9.95 and you own it — and it's entire future — without ever being asked to pay anything more. For an overview list of features and more, please see The DNS Benchmark page at GRC. If you decide to make it your own, thanks in advance. It's a piece of work I'm proud to offer for sale. And if you should have any questions, many of the people who have been using and testing it throughout the past year often hang out here.
    /Steve.
  • Be sure to checkout “Tips & Tricks”
    Dear Guest Visitor → Once you register and log-in please checkout the “Tips & Tricks” page for some very handy tips!

    /Steve.

  • BootAble – FreeDOS boot testing freeware

    To obtain direct, low-level access to a system's mass storage drives, SpinRite runs under a GRC-customized version of FreeDOS which has been modified to add compatibility with all file systems. In order to run SpinRite it must first be possible to boot FreeDOS.

    GRC's “BootAble” freeware allows anyone to easily create BIOS-bootable media in order to workout and confirm the details of getting a machine to boot FreeDOS through a BIOS. Once the means of doing that has been determined, the media created by SpinRite can be booted and run in the same way.

    The participants here, who have taken the time to share their knowledge and experience, their successes and some frustrations with booting their computers into FreeDOS, have created a valuable knowledgebase which will benefit everyone who follows.

    You may click on the image to the right to obtain your own copy of BootAble. Then use the knowledge and experience documented here to boot your computer(s) into FreeDOS. And please do not hesitate to ask questions – nowhere else can better answers be found.

    (You may permanently close this reminder with the 'X' in the upper right.)

P

PeterUK

Active member
Oct 30, 2024
34
3
So my view about Certificates and 47 days

So not sure how many agree with what Steve said and other peoples view but yes I do agree Certificates being cut to 47 days should it happen if no push back is terrible!

So I used to use zerossl on there Basic plain and I'm sure the free plan did at one point do unlimited 90-Day Certificates but I think they changed that due to the up coming 47 days another way to get 90-Day Certificates is here.
secure.ssl.com

Educating the public about SSL Certificates | SSL.com

At SSL.com, our vision is to create public awareness on the importance of SSL Certificates. Have questions? Post them on our Facebook wall using the link above and we will do our best to respond to your comments as soon as possible.
secure.ssl.com secure.ssl.com

I believe Steve said he move to this Certificate provider?
which I would of used but would like to use paypal

I since cut ties with zerossl due to how Multi-Domain Certs works which would of put me on the Premium plan and thats just too much so I now use
www.ssldragon.com

Affordable SSL Certificates from $7.66/yr - SSL Dragon

Buy affordable SSL certificates. Enjoy fast issuance, 99% browser trust, strong encryption, and a 25-day money-back guarantee.
www.ssldragon.com www.ssldragon.com
and with my no-ip Subscription get free Certs plus some RapidSSL Basic DV that where 70% off I now save I bit by moving away from zerossl.

Steve was saying how he could not work out why Certs are going to be reduced to 47 days so here is my theory, what if a attacker some how points say example.com to their IP briefly such that they could get a 1 year Cert then give control of example.com back under the correct IP wouldn’t this be a problem? if the attacker has control of a client user system DNS to point example.com to the attacker site that their Cert would be valid and you would not know?
 
I think is simpler... Certificate revocation does not work and somebody in the know does know.

A recent example is Fina CA, a little‑known certificate authority, improperly issued 12 unauthorized TLS certificates for Cloudflare’s public DNS resolver IP 1.1.1.1 between February 2024 and August 2025 for "internal testing". These certificates were discovered through Certificate Transparency logs and raised concerns because Microsoft Windows trusted the Fina Root CA, meaning the misissued certs would have been automatically trusted on Windows. No evidence the certificates were used ever maliciously used but if they had fallen into the wrong hands the Cert could have enabled impersonation of Cloudflare’s DNS-over-HTTPS or DNS-over-TLS endpoints.

By reducing the life time to 47 days is makes the certificates expire way quicker and a oops moment is now just a blip! I think their is a good possibility, If/when that rule goes live, it will force organizations to rotate certificates roughly twice as often in the short term. Historically, every time the industry tightens these rules, a wave of outages follows because someone, somewhere, forgets to automate renewal. I am about ready for 47 Days now! Let' go and Encrypt!
 
You must log in or register to reply here.

Similar threads

S
But what do you do if there is an emergency? (Picture of the Week candidate)
Replies
2
Views
1K
Security Now Podcast
SeanBZA
S
PaulH
The Upcoming Windows Secure Boot Certificate Expiration
Replies
8
Views
2K
Security Now Podcast
mdwnn
M
N
What E-Mail Server Software does Steve use?
Replies
2
Views
1K
Security Now Podcast
Nagorg
N
C
Using Password Generators
Replies
8
Views
625
Security Now Podcast
Mike.P
M
B
Browsers Using AI (incremental power usage?)
Replies
3
Views
716
Security Now Podcast
davidgrouse133
D
Top Bottom
Back