[HCoop-Discuss] Buying a Gandi Wildcard Cert (Was: Re: TLS Perfect Forward Secrecy etc.)

[Clinton Ebadi]

Sajith T S <sajith at hcoop.net> writes:

> Clinton Ebadi <clinton at unknownlamer.org> wrote:
>
>> A short-term solution, at least for signing up new members, would be to
>> accept Gandi's offer of a free one year certification, and move the join
>> scripts to hcoop.net/join instead of join.hcoop.net. This would at least
>> improve the initial impression of hcoop, and costs us nothing. Thoughts?
>> I am inclined to just grab the certificate when I renew hcoop.net (I
>> think since it doesn't involve money, this falls under authority
>> delegated to sysadmin volunteers).
>
> Taking up Gandi's offer actually sounds like a good idea to me.  I am
> also inclined to trust Gandi more than StartSSL, but I must also admit
> the complete lack of objectivity in my trust.

I've been thinking our options (having spent the last few months idly
investigating CAs), and I think spending $160 on a Gandi certificate is
the best option available right now. I verified with Gandi that we
wouldn't be violating their TOS because of member controlled subdomains,
and we could have the certificate installed for at least our websites
not long after acquiring it.

As such, I've suggested to the rest of the board that we vote on
approving the purchase. Objections and alternatives should be mentioned
now! I could likely get this done with over the weekend even.

-- 
   (1) _Of course_ we made sure it was actually too slow before making
the ugly optimization.