.htaccess redirect for https and external links
17 Replies
Even with this new-fangled SNI feature that lets you do vhosts on SSL, you don't have an option to issue a redirect.
Have you considered getting a real SSL certificate? They're cheap, and in some cases (StartSSL) can be free.
@sweh:
FWIW, StartSSL is not a scam site. I've been using them for 2 years and have 5 certs from them.
If they are legitimate, then why do they ask for your home address, and not only request it, but insist that you must provide it to them? I've dealt with potential scammers, and strange things like this are what mark them. My organization address isn't good enough for them. Why? There is no reason why they need a home address, and it's unwise to be handing it to them.
> 1.) Why do I have to provide my personal details?
The Terms and Conditions of StartCom and the StartCom Certification Policy requires* subscribers to provide the correct and complete personal details during registration. Without fulfilling this requirement, a subscriber (you) is not entitled for an account with StartSSL™. It is upon the subscriber to prove the validity of the details submitted should StartCom make such a request.
- Since StartCom must enforce adherence of the StartCom Certification Policies by all subscribers, the subscriber must provide his/her personal information.
To me, that says that you are an individual, and you are the subscriber. Not your company; you.
Feel free to not use them. There's plenty of other places, and if you want an EV cert then you're gonna pay, anyway.
As (weak) evidence of their suitability, I'll point out that their CA cert is pre-loaded into many modern browsers.
So you give personal address on it, not business address.
Honestly, never used them - just heard the name dropped around this forum before. Sorry.
Drive thru town, find a nice house, use that address.
@vonskippy:
And they verify it how?
Drive thru town, find a nice house, use that address.
You can tell if sth is a business or a house, especially with Google Earth. I'm also not going to use a random person's address. Putting your address on the internet causes you to get tons of junk mail, and God knows what someone would get if their address were entered into some dodgy service… The PO box we use for domain registration already gets tons of spam.
@sweh:
FWIW, StartSSL is not a scam site. I've been using them for 2 years and have 5 certs from them.
I think I'll try it. I'll wait a while before I implement it to see if they actually care that I'm using the Sturmkrieg Administration Committee PO box. That's our address; if they don't like it, it's what they get.
EDIT
They really seem to be a bit odd with demanding personal information. I have to say, neither me nor the server owner is going to be turning over any identification to them if they decide to throw a fit.
I might just ask Sturmwächter to buy one from GoDaddy, provided it gets good reviews for SSL and it can be used on multiple domains.
Namecheap is a reseller of PositiveSSL and you can buy one for only $8 a year. If you haven't registered your domain yet you can get one for only $2 a year. I went with Namecheap to register my domain name and chose the Positive SSL cert. This is my first time setting one up and I found it easy and the cert has gotten good reviews. PositiveSSL is also backed by Comodo.
@IceClimber:
CACert also offers free SSL but supposedly not all browsers accept their cert as beings valid. Perhaps it's something you could test first.
Namecheap is a reseller of PositiveSSL and you can buy one for only $8 a year. If you haven't registered your domain yet you can get one for only $2 a year. I went with Namecheap to register my domain name and chose the Positive SSL cert. This is my first time setting one up and I found it easy and the cert has gotten good reviews. PositiveSSL is also backed by Comodo.
Thanks. Their wildcard SSL is $85 per year.
inclusion status
Progress on getting included seems to be stalled