free encryption certificates and encrypting elgg sites

i have read some of the threads here where questions have been raised about the wisest approach for using encryption and certificates with elgg. the conclusion is that encryption is necessary for logins as a minimum. 

since, like domain names, the 'trust' industry has already been hijacked by ones i don't trust; who offer to sell certificates of trust and the browsers offer alerts that your site is not 'trusted' if you use a 'self generated' certificate.. does anyone here have any ideas i may not be aware of, of how to run a free certificate without triggering the browser 'UNSAFE SITE' warnings?

i know there are one or two groups that claim to offer free certificates.. without naming names, i attempted to begin setting up a certificate with them and one group only offered the service if you are within the usa border and the other (who i spoked to by phone) seemed highly untrustworthy themselves!

i really don't see how paying a group that you have never met to issue you with their brand of certificate is any type of guarantee of security at all. with this system in place, sites that attempt to activate encryption for free, even with encryption certificates that are of greater ability than the 'paid for' ones, will be identified as being 'threats'.. when in reality they are safer.. i am wondering if this is actually part of the plot to de-rail encryption algorithms and thus to prevent real encryption being used, while earning large amounts of cash.

  • Paweł Sroka oh so you are using startssl so does startssl work in all broswers? no warning to any users who have not installed a cert from startssl?  renewing every month is a little tedious, any more to explain please Paweł Sroka, by the way when i went to ura soul's website i had no cert installed at that time and i got no warning using chrome browser

  • hmm this is very interesting, does this mean you dont have to verify every month?

    Home - StartSSL Web-of-Trust Network

    Welcome to the StartSSL™ Web-of-Trust

    The StartSSL™ Web-of-Trust (WoT) is a growing community network of members, operated and supported by StartCom, where WoT appointed members perform the verification of its fellow members and subscribers. This is a decentralized certification system for the validation of the subscriber's identity in digital certificates, performed face-to-face in person by other members with notary status.

    Any person can participate and be a member of the StartSSL™ WoT and by qualifying to the guidelines also act as a WoT-Notary. The multiple assurances made by the verifying notaries provide an added value to the issued certificates. Once a member is validated by at least two different StartSSL™ WoT-Notaries, the member is eligible to receive free S/MIME personal certificates issued in their name.

    Please read the following Blog article RSS by Eddy Nigg, founder of StartCom, where he describes into more detail what else can be done with a WoT validated membership. See the How to section for more information on becoming a member and StartSSL™ WoT-Notary. Join the new StartSSL™ WoT mailing list to stay involved.
  • this is also quite interesting, i will just buy a cert from arvixe rapid ssl as it works out cheaper, and less hassle though if you dont mind renewing every month etc then go for start ssl, i need convenience and for that i have to pay lol.

    heres some info on Post subject: Do personal Validations expire? and validation every 30 days