Web Hosting Talk : Web Hosting Main Forums : Running a Web Hosting Business : Renewal of secure cert for anonymous reseller customers..

[mrzippy]

I'm just wondering how others deal with the renewal notices for secure certificates that are purchased on someone's behalf.

For example, we purchased a number of certs from rackshack last year. We then charge a small value-add fee, and deliver the cert to our reseller customers... who then turn around and add their own value-add fee and deliver to THEIR customers.

Since WE used our email address in the rackshack order form, WE are now getting the renewal notices for the certs.

For each renewal notice, we look up the reseller owner of the cert domain, and then we look up the contact email for the reseller and then send them a renewal notice.

But I was wondering if anyone does anything different....

Thanks!

[mrzippy]

On a related issue, it is often difficult for us to look up the reseller user for any given secure cert domain... because we have accounts on many different servers.

So when we need to find out who "owns" a certain domain.. is there an easy way to do this besides going to every server and checking to see if the domain is hosted on that server?

[tracphil]

Signup as a reseller for http://www.instantssl.com and the certs get sent to the person that you want it sent to.

Re your second post. Ping the domain and it will give you the IP of the server :-)

[mrzippy]

Quote:

Originally posted by Weberz
Re your second post. Ping the domain and it will give you the IP of the server :-)

Doh! Now why didn't I even think of that. Duh....

[tracphil]

Also if you use hsphere you can just do a search in the CP.... after all it knows about all of the domains in the cluster that it controls.

[Tina J]

Just a thought, but isn't the purpose of a certificate to authenticate that the website owner has credibility and is the right and proper owner of the certificate? If you purchase these domains on behalf of your clients...and you don't even know which cert belongs to which client, doesn't that kind of defeat the purpose of the certificate?

Not trying to start a flame war, I'm just wondering what the proper procedure is. One of the reasons I've not yet offered certs directly (we always send our customers to someplace like FreeSSL) is because I don't want the responsibility of verifying that the SSL customer has the proper ID, etc.

--Tina

[tracphil]

Hi Tina,

Establishing ones "credibility" to obtain an SSL certificate is as simple as applying for and DUNS number online and you do not have to verify anything to get one.

I used to own ssl4less.com (back in the day :-) ) and my argument then was that having to have a business license faxed in or the other forms of verification of identity was BS because one of the things they would take is your DUNS number which as I said is extrememly easy to get by just filling out a form on the D&B website.

With that said, it is the web hosts responsibility to "verify" that the end user is who they say they are (credibilty is not an issue). If you do not do that you are violating their TOS and will cut you off if you do not verify them or at least have them to send their info in via fax.

SSL Certs have a lot BS in general that surround them... which I believe are used to inflate the price...after all 128bits is 128bits, I don't care if it is your own home grown SSL or if it is signed be verisign. I think SSL should do just what it does best and that is for encrypting data.

[Tina J]

Ah, very good post! Thanks!