[Operators] wildcard cert

Peter Saint-Andre stpeter at stpeter.im
Mon Feb 22 09:41:19 CST 2010

On 2/22/10 8:35 AM, Jesse Thompson wrote:
> It looks like StartSSL doesn't offer free wildcard certificates (like
> crack, the first hit is free)

It did in the old days when we had the XMPP ICA. In fact we were in the
process of removing that option for Class 1 certs even for the XMPP ICA
because of security problems with wildcard certs. Part of the reasoning
behind pulling the plug on the XMPP ICA and redirecting admins to
startssl.com was that we'd need to perform stronger verification and
that infrastructure was already in place at startssl.com but not at

> Is there a free option for XMPP certificates?

There is: startssl.com (Class 1).

> If we have to pay, is GoDaddy an option? (they appear to be cheap and
> less crappy than StartSSL)

Feel free to try out GoDaddy and report back. They are not free as far
as I know. I do not have experience with their certs, only their domain
registration services.


Peter Saint-Andre

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 6820 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://mail.jabber.org/pipermail/operators/attachments/20100222/15d845a0/attachment.bin>

More information about the Operators mailing list