Appbase.io News

Database service for the #realtimeweb

Migrating away from Startcom CA

Note: Our main user blog is at https://medium.appbase.io. This blog is mostly kept for meta notes.


appbase.io website and our API services used Startcom CA for our SSL certificates. We liked Startcom's model of only charging for identity verification v/s other CA's model of charging per certificate.

Due to the recent trust issues that Wosign, Startcom's acquirer is facing with leading browser vendors -- to the extent that future versions of the browsers will stop trusting their issued certificates, we have migrated all our sites and API services away from Startcom.

We are shifting to using a combination of Comodo and Let's Encrypt, Comodo for all our critical services and Let's Encrypt for all new auxilary services.

We really like Let's Encrypt but it's limitations around number of certificates per TLD (currently capped at 20 per week) and no support for wildcards make it a no go at the moment.

Importantly, while making the migration -- we also took into account other security optimizations, particularly supporting a 2048-bit group sized Diffie-Hellman deployment. You can read more about this issue over here.

Our SSL Labs Ratings prior to migration:

Our SSL Labs Ratings after the migration:

appbase.io handles the main website communication.

accapi service handles all our user login and app management communication.

scalr.api.appbase.io service handles all our app data communication.


Tl;dr Summary

Starting April 24th, 2017, we have fully migrated away from Startcom and while at it, enhanced our SSL security.

Author image
Founder at Appbase, read my musings on the db world.