Nutritious Blue Spray

Part XXXVI of Fear

Previous Entry Share Next Entry
A Tale of Two Certificate Authorities
From 2004 through yesterday I was an InstantSSL/Comodo web server SSL certificate customer. I have a small, non-commercial site requiring secure connections and InstantSSL fit the bill 5 years ago.

During the 2007 renewal they had changed their validation requirements such that I had to make a cosmetic change to my domain whois information to match the address exactly on my credit card statement. No biggie.

During this year's round of validation they took my money then sprang their new requirements on me. They no no longer accept credit card statements for address validation. The only things I have that match my whois address are two credit cards (and of course my domain registrations and my 5-year customer history but those don't count either).

I asked whether they had a lower-assurance option with validation requirements I could make but I got no direct answers, just more repeats of their validation rules no matter whether I escalated to my "account manager" or not. I was clear what I wanted it for, that I would not change my whois address, and that I did not have the major utility bills at the whois address that they were requesting.

Finally I tried again with the account manager to start anew, spelling everything out again and asking for help directing me to a product which had been hinted at whose validation requirements I could meet. After a couple of days I got a response that her manager had told her that I should call the validation department again and ask them. Maddening. I had been over the same thing many times by now, but I called last night anyway. Yes, I waited until the night before the certificate was to expire.

Well I apparently missed their business hours. So then I looked for alternatives and quickly found GoDaddy, which had a certificate that works perfectly for me. It was much cheaper and the only validation requirement was confirmation from the admin contact in the whois record. Despite some graylisting delays receiving the confirmation request, the whole process from hitting the GoDaddy web site to installing the certificates on the server took less time than some of my interactions with Comodo/InstantSSL.

So if you are a hobbyist and/or aren't using SSL for business purposes, I suggest checking out GoDaddy. I have about a day under my belt as their customer, but it's been exactly what I expected and I appreciate the total lack of hassle.

Bye-bye, Comodo/InstantSSL. Thanks for wasting my time. Thanks for not valuing me enough as a customer to keep me. I should not have had to battle with you. Oh, and I'll be looking for a prompt refund.

Post from mobile portal


Log in