
Why are wildcard SSL certs so expensive? I want to use SSL certs on my personal subdomains, but they are usually priced at around $150/year at least. I hope Let's Encrypt will support multi or subdomains.


The price of a Wildcard SSL certificate is a bit expensive because multiple sub-domains are secured with a single certificate.

For a large business with multiple sub-domains (mail..com, blog..com, info..com, anything.com, etc...), if the business purchases an individual SSL certificate for each sub-domain, it needs to spend more money, and the process will be long, such as generation of a new CSR, private key, certificate installation, etc...

A Wildcard SSL secures unlimited sub-domains, which saves time and money as well.

$150 is much higher for a wildcard SSL certificate. Visit CheapSSLSecurity (https://www.cheapsslsecurity.com) where you can get a Wildcard SSL certificate at $60/year for Domain Validation and $108/year for Organization Validation.



StartSSL offers as many wildcard certs as you want for a low fixed yearly fee (50$)?


StartSSL is very much "you get what you pay for", though. Their web interface is sporadically unreachable, and their validation is rather sloppy – as long as you pay up, you can happily break their terms of service and still be re-validated.


I never understood how that matters, though. My visitors will see a green bar, job done. Breaking the ToS or not, I don't care as long as my address bar is green. How is Verisign any different from StartSSL, in that regard?


> I never understood how that matters, though.

It will matter if StartCom is abused to print certificates for foreign domains. Even if your domain isn't targeted, browsers and OS vendors will probably react by invalidating all StartCom CA certs. That means no green bar.


Has this ever happened before? I'm genuinely curious, as I've heard this warning often but it seems more like FUD than anything else.


Google just removed CNNIC as a trusted CA from Chrome because of their sloppy security and trust.


CNNIC had provided "unauthorized digital certificates for several Google domains" and in an update on April 1st Google said that "To assist customers affected by this decision, for a limited time we will allow CNNIC’s existing certificates to continue to be marked as trusted in Chrome, through the use of a publicly disclosed whitelist" - http://googleonlinesecurity.blogspot.ro/2015/03/maintaining-...

So, I doubt they would treat StartSSL any worse than they treated China.


Multiple name certificates are included in that too, which is handy if you have several distinct domain names, limited IPv4 addresses, are worried about ancient browsers that don't support SNI. I have a single certificate that covers a couple of domains that way. Saves on admin too (though could be a pain if the PK were ever compromised as every service would need to be updated - if you have separate certs for everything and one is compromised you don't have that complication).


Can you link to this? I wasn't able to find info about this fixed yearly fee plan on their site.


Looks like it's only a one-time fee of 60$? Here are some links: https://www.startssl.com/?app=2 as well as this answer: https://www.startssl.com/?app=25#27

A friend of mine got validated and he sent me a signed and working wildcard cert with multiple domains a few days ago - so it's a real thing I believe.


They will not support wildcard domains. You can create a cert per domain though, or one for multiple subdomains.


Bugger. I was really excited for Let's Encrypt specifically for the possibility of a free wildcard cert.

I was thinking of building an app which would be under two domains like heroku.com/herokuapps.com and github.com/github.io and I'd rather not spend hundreds of dollars on two wildcard certs. Guess I'll just buy one and not use subdomains on the main site.


You can get a certificate covering multiple specific domains. https://github.com/letsencrypt/lets-encrypt-preview/issues/6...

A wildcard cert wouldn't cover both heroku.com and herokuapps.com anyway. https://en.wikipedia.org/wiki/Wildcard_certificate
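The coverage rule behind the comment above, as an added example that is not part of the original thread: a wildcard name matches exactly one label in the left-most position, so it covers neither the bare domain, nor deeper subdomains, nor a second registered domain, while a multi-name (SAN) certificate can list all of them. The hostnames are constructed stand-ins, and the refusal of two-label patterns such as `*.com` is a conservative simplification assumed here.

```python
# Added illustration; hostnames are constructed stand-ins, not from any real certificate.

def _labels(name):
    """Split a DNS name into lower-cased labels, ignoring a trailing dot."""
    return name.rstrip(".").lower().split(".")

def pattern_matches(pattern, hostname):
    """RFC 6125-style comparison of one certificate name against a hostname."""
    p, h = _labels(pattern), _labels(hostname)
    if len(p) != len(h):          # '*' stands for exactly one label, so counts must agree
        return False
    if p[0] == "*":
        if len(p) < 3:            # assumption: refuse over-broad patterns such as '*.com'
            return False
        return h[0] != "" and p[1:] == h[1:]
    return p == h                 # no wildcard (or '*' anywhere else): exact match only

def uncovered(san_names, hostnames):
    """Return the hostnames that no name in the certificate's SAN list covers."""
    return [h for h in hostnames
            if not any(pattern_matches(n, h) for n in san_names)]

# Constructed inventory: an app served from two registered domains.
SITE_HOSTS = ["example.com", "www.example.com", "api.eu.example.com",
              "user1.example-apps.com"]
WILDCARD_ONLY = ["*.example.com"]
MULTI_NAME = ["example.com", "*.example.com", "*.eu.example.com",
              "*.example-apps.com"]

if __name__ == "__main__":
    print("wildcard only leaves uncovered:", uncovered(WILDCARD_ONLY, SITE_HOSTS))
    print("multi-name leaves uncovered:  ", uncovered(MULTI_NAME, SITE_HOSTS))
```
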


They said they'd rather not spend money buying two certificates.


Certs from Let’s Encrypt will be free.


You mean I can issue multiple certs at each subdomain separately instead of one wildcard cert? That's promising. It's also OK for my personal use.


My initial reaction would be that is just stupid, but is there a good reason for that refusal? It is usually as a way to make money, but in this case?


I've picked up wildcard certificates signed under AlphaSSL for around $50 on sale in the past. For personal projects the acceptance is decent.



