How to get a free SSL certificate

Last week I showed you how you don’t want “bank grade” security in your SSL.

I used the Qualys SSL Labs test to rate the bank’s SSL security. One of the first steps you need to take to get a good rating on the SSL Labs test, is to get a trusted certificate.

Without a trusted certificate you are not going to get any higher than a T rating on the SSL Labs test. As you may already know, if you use a self-signed certificate on a public website you will get a warning from the browser that the website is unsafe. The only way of avoiding this is to get a certificate from a trusted Certificate Authority that the browsers recognise. Unfortunately most Certificate Authorities charge a yearly fee for certificate which can cost anywhere from £5 – £500 a year.

Continue reading

Do you really want “bank grade” security in your SSL? UK edition

I recently read Troy Hunt’s article (Do you really want “bank grade” security in your SSL?) regarding how shocking the SSL security is on the banks down under. Damien Guard has written a similar post looking at the US financial institutions (Quality of SSL protection for US financial institutions). This got me wondering how the UK banks (and building societies) fair and what the low scores actually mean to their security.

So here are the results after running them through Qualys SSL Server Test (25/06/2015):

Continue reading