Ranter
Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
Comments
-
What's the context? Working in the payments space, we'd be in rather hot water if we ever let a client use an unencrypted payment page...
-
I will charge them for the cert (large orgs, it can cost thousands if it's a wildcard) and associated costs if we're not managing it (updates, training their staff to manage the operation, documentation). I don't do small scale, so questions arise such as where termination will occur, will this impact SLA, etc. All of that costs me time and fronted expense
Depending on the degree of ownership I have, it also impacts my cyber and errors and omissions insurance as well. -
I choose hosts for the client that provide https for free via automatically updating services. If they have their own service then it is up to them to maintain. It takes practically no effort to add https to say Wordpress. So no, I don't charge extra. I just charge time to complete project. So it gets figured in for the amount of time it takes me to turn the feature on. I wouldn't want to expend the effort of not doing https and then get requested to add it later. That would be a waste of time.
-
If we're talking DV certificates, then the only valid answer for providers who still think they can charge for that is "fuck you", and changing the provider for someone who puts on Let's Encrypt automatically and for free.
OV/EV certificates have become meaningless because they cost a lot of money for no value anyway. -
@SortOfTested Don’t know about that. Our wildcard cert costs “only” 350$/year (Via Azure, which buys them via godaddy)
-
@NoToJavaScript
Cool beans. We use whomever our customers' legal and insurance allows. Enterprise overpays people like entrust and integrations with companies like akamai drives the cost up even further. -
The man that gave the place I work for its website (he worked as a reseller) charged about 100 U$D (converted, at that time) extra for it. When I got there I just logged into the admin panel and fucking clicked a switch button to enable HTTPS.
Fuck him very much. Fuck resellers in general tbh.
Related Rants
Do you still charge your clients extra for HTTPS being it’s practically a requirement now for SEO purposes?
question
information security
letsencrypt
tls
https
security
tls1.3
infosec