Hacker News new | past | comments | ask | show | jobs | submit login

To better understand the stupidity in leaving the power with the CI for SSL/TLS :

  $ gpg --gen-revoke $(whoami)@$(hostname -f)
   
  gpg (GnuPG) 2.0.22; Copyright (C) 2013 Free Software Foundation, Inc.
  This is free software: you are free to change and redistribute it.
  There is NO WARRANTY, to the extent permitted by law.

  How would you like to pay us?
  
      (1) Mastercard
      (2) VISA
      (3) Other

   Your selection?
Also, a dark cynical part of me wants to ask exactly what the business model behind "free" SSL certs is? You're not paying them, someone else is?



Only their entry level certificate is free, they have higher priced options for the likes of wildcard and EV certificates. Once your root certificate has a good level of acceptance, the true cost of certificates is the validation process; actual certificate generation is negligible, hence certificates with little-to-no validation can be offered at little-to-no charge.


Fair play, now I know. The hand waving wild-eyed long-haired conspiracy theorist in me has been silenced .. for now :)


If you're interested in security or programming anywhere in the area of TLS, it's worth your time to set up your own CA, issue yourself certificates, figure out how to convince your local browser to accept them, etc.

Had I done that myself properly earlier, I'd have some less heartache in my future.


> Also, a dark cynical part of me wants to ask exactly what the business model behind "free" SSL certs is? You're not paying them, someone else is?

Well, you never give them your private key, so… what could they possibly do??




Consider applying for YC's Fall 2025 batch! Applications are open till Aug 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: