[SSL added Sep 29 2014] Spongepowered.org; why no SSL? (now discussing its implementation and other security related things)

Sponge wouldn’t actually need to purchase a wildcard certificate for what most places sell them for: StartSSL class 1 certificates are free, and although they are meant for individuals it might be worth it to ask them to see if there is an option for a project like sponge, since sponge doesn’t really meet the requirements for either a personal or organizational validation.

It’s actually a decent chance that they would be allowed a free authentication, so they might be able to get a signed wildcard certificate for free.


You can get Class 1 certs for free here: https://www.startssl.com/

You may as why? Answered in their F.A.Q.:

90.) Why are Class 1 certificates free?

The philosophy of StartCom is guided by the principle that our services are charged according to the effort we have to invest. Since Class 1 certificates are domain and/or email validated only and the process is performed mostly by electronic and automatic means, StartCom doesn’t apply any fees for this type of certification. StartCom started the certification authority a few years ago with the goal to provide free digital certification and adopted a unique business model previously unknown in this industry.

Edit: looks like @ShaRose was faster :slight_smile:

1 Like

Yeah, but class 1 certs are only legal for individuals. That’s why I said to ask StartCom about it.

They have an SSL cert already. They’re not using it because I’m assuming they have a free cloudflare account. So… we need a premium cloudflare account.

I forget who told me that. @lukegb, I think.

1 Like

as long as there is ssl on this website as long as it’s not self signed.

Yup, found it here: https://www.cloudflare.com/overview

I have a wildcard cert ready, waiting on us to get a proper CloudFlare account.

Of course, CloudFlare might introduce SSL for free accounts (which will happen in about a month - mid-October) before we get there, but we’ll see.


knew that they would get a wildcard cert knew it

You can get a free SSL/TLS cert from http://www.startssl.com/
I used it before, but I just used a self signed one now for my email.

It has been determined that they have one, a wildcard one at that, but they are using cloud flair, which requires a paid account to support SSL.

We could use some ssl, would make me feel more secure on my campus’ open wifi network.

I Agree with you.

Everyone seams to agree, it’s just a matter of an extra $20 per month for cloud flair.

And I don’t know who pays the bills around here, but I don’t, and as such can’t say where the money would come from.

Cloudflare will offer free SSL on all their free accounts by the end of this year.
Just wait.

Well we’re all waiting. good luck to that.

It has been confirmed for the end of October.

There’s no need. SSL protects data sent between a server-client. No personal data, or entered data is being sent via the Spongepowered.org website.

For the forums, however, that could be something to look into (SSL is different for sub-domains i.e forums.spongepowered.org).

1 Like

Not entirely free.

After one year it costs more than $100.

This is what we want protected. the persnoal data is another matter altogether, one being discused elsewhere.

1 Like

Please read my full reply.

I don’t see any place on the main website where data is being sent.