So today I discovered that Karen at StartSSL has a confused definition of “commercial in nature” and “financial transaction”
I attempted to grab a ssl certificate for one of my subdomains on one of my servers so I could have an upcoming chrome plugin securely communicate with it.
In fact their website specifically highlights this feature: “The StartSSL™ Free certificates are intended for web sites which require protection of privacy and prevent eavesdropping.” – Sounds perfect doesn’t it.
According to their policy
Class 1 certificates are limited to client and server
certificates, whereas the later is restricted in its usage for
non-commercial purpose only. Subscribers MUST upgrade to Class
2 or higher level for any domain and site of commercial nature,
when using high-profile brands and names or if involved in
obtaining or relaying sensitive information such as health
records, financial details, personal information etc.
I should be good to go right?
This site clearly isn’t commercial in nature, nor is the domain I was attempting to get the certificate for (flatus.fremnet.net) I have no intent to make money off the chrome plugin or the data that’s being transferred.
I also have no intention of obtaining or relaying sensitive information such as health records, financial details, personal information etc
Having a paypal donate button in the top right hand corner of a site doesn’t make the site commercial, it’s giving others a chance to contribute to keeping the information here online – some of it is quite useful. Hosting isn’t free, it’s coming out of my pocket.
Having a paypal donate button indiciates that the financial transactions I do conduct (however few and far between) clearly won’t be run over the StartSSL free certificate as I already have a method that doesn’t involve them.
The kicker, I’ve had certificates from StartSSL before and this hasn’t been an issue.
I’m an open source coder and tinkerer, almost everything I do is given away, either under GPL or completely free without license or constraint.