Re: [sqlmap-users] Fail when trying to perform a checkout from sqlmap trunk

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Ryan Sears wrote:
> Wait, what? Are they *really* signed by a trusted CA?

Yup.  Startcom was added to the windows root certificate program in
September 2009.  They were already in Firefox and Safari at that time.

It work just fine everywhere, as long as you correctly install the
intermediate certs according to the instructions, much like you need to
do for a godaddy or other cert these days.

http://www.startssl.com/?app=25#31

They allow one alt name of your choosing. Authentication is handled with
client side certs.  They do basic fraud avoidance like flagging people
who ask for, say, usbank.example.com as their alt name(I've tried ;-)

As far as I can tell there is absolutely no upside to paying for some
other Class 1 (domain/email validated) cert over the startcom free cert.
 Of course, if you need a wildcard cert, class 2 cert with business
verification(so your name shows up when smart users hover over the lock
icon), or extended validation cert(so the bar turns green), you still
have to pony up.  Otherwise, class 1 certs are common and trusted on the
Internet.  Most people don't know or care about the differences of the
different classes.

#1 reason to not use SSL is gone. Spread the word. ;-)

> I was going to suggest getting one from GoDaddy (http://www.godaddy.com/Compare/gdcompare_ssl.aspx?isc=sslqgo026e). Hell I'll even pay for it myself, anything I can do to support you guys!
> 
> Maybe we should go with comodo? :-P
> 
> Ryan
> 

-- 
 | Steven Pinkham, Security Consultant    |
 | http://www.mavensecurity.com           |
 | GPG public key ID CD31CAFB             |