[UFO Chicago] Certificate For Https

Tue Jul 27 12:10:26 CDT 2021

Esteemed Colleagues:

I write today on behalf of a friend who has a website that offers free
textbooks to download (http://potto.org, for the curious).  He is
getting less traffic than he used to get, and he thinks it is because
he does not support https.  Apparently some browsers are now warning
you when you connect to a website using http, and my friend thinks
that this warning is scaring people way.  There is, of course, no
reason to care whether the free textbook you download is coming to you
encrypted or unencrypted -- why would you care if the NSA is able to
read a textbook on fluid dynamics? -- but my friend's theory is that
some people, the moment they see a warning from their browser, run
away from the site, regardless of whether it makes any sense or not.

So now my friend wants to support https on his website.  He thinks he
will get more traffic that way.  But if he installs a self-signed
certificate on his website (like I have on mine, https://m5.chicago.il.us),
the same browsers that were warning people about unencrypted traffic,
are now going to warn them about the self-signed certificate.  Again,
there is no reason to care whether potto.org has a self-signed
certificate.  A self-signed certificate would only mean that you
cannot know that the website claiming to be potto.org really is
potto.org.  But why would anyone care whether the free textbook on
fluid dynamics that he is downloading, is coming to him from
potto.org, or from an imposter claiming to be potto.org?  If I have an
account on CitiBank, and I am about to type in my account name and
password to do some on-line banking, then I care whether I'm giving
the information to citibank.com or to an imposter claiming to be
citibank.com, but there is no logical reason to care whether potto.org
is really potto.org or an imposter.  Nevertheless, my friend has a
theory that whenever users get a warning from their browser, they run
away, regardless of whether it makes sense.

Which now brings me to my question, and the reason why I am posting
this message to the ufo mailing list.  What is the cheapest https
certificate my friend can get?  It doesn't have to be a certificate
that will satisfy an expert.  An expert wouldn't care whether he has a
certificate at all.  It just has to be a certificate that will keep
the browsers from emitting a warning, which he thinks is scaring
people away from his website.  My friend operates as a non-profit
organization, if that makes a difference.  Thank you in advance for
any and all replies.

                        Jay F. Shachter
                        6424 North Whipple Street
                        Chicago IL  60645-4111
                                (1-773)7613784   landline
                                (1-410)9964737   GoogleVoice
                                jay at m5.chicago.il.us
                                http://m5.chicago.il.us

                        "Quidquid latine dictum sit, altum videtur"