We all know about the goodness of SSL. CRM Online and On-premises IFD deployments won’t work without it. However, when it comes to creating and consuming web services, people become incredibly lax about using SSLs and happy to transmit even confidential information using plain http. Excuse is usually down the “who needs this information anyway” lines:
What kind of hacker would want to access an x-ray image of your right foot?
Another frequently cited excuses has always been cost of SSL certificates. Let’s be honest – majority of providers did bugger all to verify the identities, or provide any services in addition to issuing a certificate, and then charged exorbitant prices for simple SSL certificates and then some more for the wildcard versions.
Well, you have just run out of excuses. https://letsencrypt.org/ is a new Certificate Authority: free, automated, and open. Go ahead and generate your own certificates as needed.
Before plunging in head-first, few things to consider:
- Wildcard certificates are not supported yet. While you can have up to 100 alternative domain names on a single certificate, some scenarios, IFD of CRM in particular, are much easier to handle with a wildcard.
- Let’s Encrypt certificates currently have a 90-day lifetime. There are a lot of arguments pros and cons but the bottom line is that, at the moment, in the IIS-bound world CRMers live in, there is an additional overhead to renew.
- Let’s Encrypt certificates cannot be used for code signing or email encryption. Nope, SSL/TLS only.
- They do not store private keys. Lost the key? 90-days lifetime suddenly looks very appealing.
- Let’s Encrypt has no plans to issue EV (Extended Validation) or OV (Organization Validation) certificates at this time.
I like Let’s Encrypt but currently it’s not an user friendly process when come to IIS and Windows.
I like free SSL certificates, but a wildcard cert price from Comodo is around 100$/year (and a single domain cert is only 9$/year)
yes, process is a bit cumbersome for IIS and Windows though I believe there are some PS scripts available. I was trying to stay clear from commercial offerings but since you mentioned… 🙂
We use StartSSL where we pay for identity validation every couple years and then generate unlimited number of the certificates, wildcards or not.
sorry for mentioning a commercial offer but I wanted only to show that with just 9$/year you can have a cert for your OnPremise CRM, and StartSSL offers also one Class1 cert for free, but as the tp says: “No more excuses for not using SSL”!
Errr, Guido, not sure where you’re getting your pricing from but Comodo’s wildcards are over $400/year and single domain is over $60/year.
Also, keep in mind that you need to cover multiple domains for CRM IFD (even for a single org), which would raise the price even further.
normally I buy SSL certs here https://www.namecheap.com/security/ssl-certificates/domain-validation.aspx