Banned country list for SSL now includes Zimbabwe


Websites from Zimbabwe are now banned by the Certification Authority Browser Forum from receiving Extended Validation (EV), Organization Validation (OV), and Domain Validation (DV) SSL certificates.

Countries are usually banned or restricted when the country is experiencing a period of political unrest and the security of information traveling in and out may be compromised by the government or an outside entity.

The banned country list for SSL certificates comprises Afghanistan, Cote d’Ivoire, Cuba, Eritrea, Guinea, Iraq, Islamic Republic of Iran, Democratic People’s Republic of Korea, Liberia, Myanmar, Rwanda, Sudan, Sierra Leone, South Sudan, Syrian Arab Republic, and Zimbabwe.

The restrictions do not affect websites that already have SSL certificates, but any websites applying for new certificates are being denied.



Let’s Encrypt Free SSL Certificates – What You Need To Know

About Let’s Encrypt

Let’s Encrypt is a new non-profit Certificate Authority (CA) sponsored and founded by industry advocates such as the Electronic Frontier Foundation (EFF), Mozilla, and the Internet Security Research Group (ISRG). Let’s Encrypt offers free SSL certificates.

The key principles behind Let’s Encrypt are:

  • Free: Anyone who owns a domain name can use Let’s Encrypt to obtain a trusted certificate at zero cost.
  • Automatic: Software running on a web server can interact with Let’s Encrypt to painlessly obtain a certificate, securely configure it for use, and automatically take care of renewal.
  • Secure: Let’s Encrypt will serve as a platform for advancing TLS security best practices, both on the CA side and by helping site operators properly secure their servers.
  • Transparent: All certificates issued or revoked will be publicly recorded and available for anyone to inspect.
  • Open: The automatic issuance and renewal protocol will be published as an open standard that others can adopt.
  • Cooperative: Let’s Encrypt is a joint effort to benefit the community, beyond the control of any one organization.

Let’s Encrypt Will Have Major Limitations

Unfortunately, Let’s Encrypt will have some very notable limitations due to its limited funding and infrastructure. Because it will offer only free certificates, it will be able to provide only automated, basic-encryption Domain Validated (DV) SSL certificates, with none of the other frills that typically come with SSL certificates.

Other observations that undermine Let’s Encrypt

Since the SSL certificates are free of cost and open to anyone, malvertisers and other bad guys can get them for all their websites. This lets them encrypt data transferred to their servers making detection by good guys more difficult. This undermines the trust factor of Let's Encrypt and could lead to their certificates being derecognised in future.

Unlike brands that have been around for longer such as COMODO, Thawte, GeoTrust, Symantec, etc., Let's Encrypt intermediate CA certificates (required for recognising website certificates) are not available on older versions of operating systems such as Windows XP. Users on those systems will not have a secure connection and so will not transact.

Years of Experience Taught us That Users Need More than a Free Certificate

We have worked with many customers and if our experience has taught us anything, it’s that SSL can be confusing, and many people need help. Knowing what type of certificate you need and how you will get it successfully working on your network are the most common and most serious questions our customers have.

Let’s Encrypt’s one-size-fits-all approach isn’t perfect. A personal blog has different needs than a corporate homepage. We believe there is a perfect solution for everyone: personal attention and attentive support behind globally recognized brands. A free service cannot afford to give that to its non-paying customers.

Our Assessment of Let’s Encrypt

We do not think Let’s Encrypt should be a viable option for commercial use of any kind. You should continue to buy from established Certificate Authorities (CAs) such as Symantec, Comodo, GeoTrust, RapidSSL and Thawte, especially since basic encryption/Domain Validated (DV) certificates are available at extremely low and affordable rates and still carry a strong brand name recognized by most web users.


New GeoTrust & Thawte DV Wildcard SSL Certificates

GeoTrust & Thawte have introduced new DV Wildcard SSL certificates, and we are pleased to be amongst the first to make them available.

What are DV Wildcard SSL certificates?


These certificates are a type of DV SSL certificate that can be used with multiple websites or hostnames (subdomains) set up under a single top-level domain name.

For example, a wildcard SSL certificate for * will protect and, but NOT which is setup on a different domain name.
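The matching rule behind this, as an added example that is not part of the original article: a sketch of how TLS clients compare a wildcard certificate name to a hostname under the RFC 6125 rules, where `*` stands for exactly one leftmost label. The function names and all `example.com` / `example.org` hostnames are constructed for illustration; public-suffix checks and internationalized names are out of scope.

```python
# Added example: wildcard hostname matching as TLS clients apply it (RFC 6125 rules).
# All hostnames are constructed placeholders, not names from the original page.

def _labels(name: str) -> list[str]:
    """Lower-case a DNS name, drop a trailing dot, and split it into labels."""
    return name.rstrip(".").lower().split(".")

def wildcard_matches(pattern: str, hostname: str) -> bool:
    """Return True if a certificate name (possibly '*.domain') covers hostname."""
    p, h = _labels(pattern), _labels(hostname)
    if "" in p or "" in h:
        return False                      # empty label: malformed name
    if p[0] != "*":
        return p == h                     # no whole-label wildcard: exact match only
    if "*" in p[1:] or len(p) < 3:
        return False                      # '*' only as leftmost label, never '*.com'
    # '*' stands for exactly one label, so both names need the same label count
    return len(p) == len(h) and p[1:] == h[1:]

def covered_hosts(cert_names: list[str], hostnames: list[str]) -> dict[str, bool]:
    """Map each hostname to whether any name on the certificate covers it."""
    return {h: any(wildcard_matches(n, h) for n in cert_names) for h in hostnames}

if __name__ == "__main__":
    cert = ["*.example.com"]              # constructed wildcard certificate name
    sites = ["www.example.com", "shop.example.com", "example.com",
             "a.b.example.com", "www.example.org"]
    for host, ok in covered_hosts(cert, sites).items():
        print(f"{host:20} {'covered' if ok else 'NOT covered'}")
```

The bare domain and deeper subdomains are not covered by the wildcard name alone, which is why an inventory check like this is worth running before relying on one wildcard certificate for every host.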

A Domain Validated (DV), or Standard, SSL certificate is one where the CA checks the applicant's right to use a specific domain name. No company identity information is vetted, and no information is displayed other than encryption information within the Secure Site Seal.

New DV Wildcard Certificates

GeoTrust’s new DV wildcard option is GeoTrust QuickSSL Premium Wildcard. It builds on GeoTrust’s already popular QuickSSL Premium certificate. It features a dynamic clickable site seal that displays time-stamped data to further add trust to a site.

Thawte’s new DV wildcard option is the Thawte SSL123 Wildcard. It builds on Thawte’s already popular SSL 123 certificate. This certificate also comes with a dynamic clickable Thawte site seal.

Who should use these SSL certificates?

These certificates are an ideal option for any business that has any number of sub-domains that need security, or that wants to future-proof its site for sub-domains that may come in the near future. Typical users of wildcard certificates are cloud-based hosted web services, mobile app developers, and enterprise public cloud setups.

Both these certificates offer a DYNAMIC Site Seal which can be displayed on your website. It features a time/date stamp that identifies your site as authentic and validated by a trusted 3rd party. This feature itself boosts customer trust in your website and is important for websites involved in e-commerce.