On Wed, Apr 8, 2015 at 1:07 AM, Niall Douglas
On 7 Apr 2015 at 15:40, Michael Caisse wrote:
We are working on getting a new certificate, and setting up a procedure to avoid the expired certificate problem in the future. It is taking a bit of time, however.
In case people aren't aware, to renew the kind of cert which expired you need to prove your identity which includes a proof of address which usually means a snail mail card in the post with a verification code plus lots of mailing identity documents to people. This is why
I have no idea what you are talking about. There are a lot of reasons that certs can take some time to renew, snail mail isn't one of them.
We renew about 2-3 certs a month ranging from standard vanilla to wild-card and crazy merchant certs. In January we dealt with 2 certs that had expired. Snail mail has never been a requirement.
Can you please expound?
Sure.
In the case of the SSL cert for *.nedprod.com, the issuer needed to prove my address and sent a code on a card to my physical address. That took two weeks, seeing as the card comes from Israel (it actually takes eight weeks in total to renew SSL certs for me, but that is for other reasons).
I entirely accept that if your issuer lived in the same city in the US as you do, address verification would be rather quicker. They could also accept other evidence only possible to a US issuer verifying a US org. What I was trying to do was explain why getting new SSL certs isn't always as easy as a few clicks on a web page, if I was wrong then I'm sure we'd all love to hear why svn.boost.org's cert is taking so long.
At startssl.com one can get a basic SSL cert for free.. Certainly no snail mail required. -- Olaf