-
Join the MyBroadband community
South Africa’s biggest forum. Discuss, discover, and connect with thousands of members.
-
Question of the Day: What's the most interesting small town you've visited in South Africa?
primasecure.com
- Thread starter ubercal
- Start date
Free ssl monitoring?Got a random call out the blue from a "cyber security supplier" to say our company's wildcard certificate is expiring.Anyone heard of these guys ? My bullshit meter is on high alert
.
not sure , but fun playing along.Ive requested full details of the cert including the common name etc , and where/how did they pickup that are wildcard cert was expiring.Their "customer support" person seems very elusive , in providing details.
Maybe a new person - blocked their domain in October last year so have not heard from them since
Yes in the past directly from digicert , but iam sure they expired long time ago.
Have they quoted you yet? Interested to see what they say
Yes - Digicert (have been getting SSL certs from them for many years direct with no issues)
Honestly not seeing the benefit they add other than some discount.
Here is the email below ......
"Dear ....
I hope you are well and thank you for your time earlier.
As discussed I have called regarding the renewal of SSL certificate that is valid for 1 more day and will expire thereafter.
As an Authorized partner for DigiCert, Thawte , Sectigo and Geotrust, we offer benefits on SSL certificates acquisition;
Such as:
• Discount: Up to 50% off on retail pricing
• Support: Free 24/7 technical support including cert generation and installation.
• Flexible payment : Unlike most vendors, You can pay for your certificate after delivery via bank transfer, credit card or paypal.
• Dedicated account manager: No more waiting in long queue for support, I will handle everything for you and deliver your products in a timely manner.
Your Sectigo wildcard retails for R4266.99 our offer is R2056.38.
You can respond to this mail to have the about quoted to you. All quotes are valid for 5 days. once you approve the quote , we simply need your CSR to process your SSL , once you have received your SSL ,payment can be made through various methods for your convenience."
Yah that is spammy indeed, I would push them for better pricing though
They were not that much cheaper and very aggressive with their sales.
Would rather request and manage my own certs than not have to deal with some middle "person" just to save a few bucks.
Yah that is spammy indeed, I would push them for better pricing though
wahaha good idea.
AndrewAlston
Group Head of IP Strategy – Liquid Telecommunicati
One of my team got a call from these guys today - and the only way I can think of that they could have got his details or his email address is by lifting it outta the AfriNIC database. Their website is also dodgy as hell https://primasecure.com/terms-conditions/ <--- professional firms dont leave that lying around. I will be sending a complaint to digicert though because this is nonsense - and a total waste of time. Scammers be damned
ya please go report them.Update on my situation , after having a bit of fun with them , and messing them around i found out that my ecommerce cert was expiring soon.Now my ecommerce system is managed by a 3rd party software development house , so these scammers tried to gap in before my software guys to renew the cert first.Anyway their website looks very similar to godaddy.These guys defintely have some inside knowledge.
the ssl market has taken a huge knock as a result of LE and CF’s free ssl offering so companies who explicitly sell SSL’s are trying their best to stop a ship from sinking and will do anything they can to make a sale.
Sectigo, which was previously Comodo are no saints when it comes to business ethics so it’s hardly a surprise that their resellers have access to data that they should not have access to.
crt.sh is a good starting point for data that’s publicly accessible.
Sectigo, which was previously Comodo are no saints when it comes to business ethics so it’s hardly a surprise that their resellers have access to data that they should not have access to.
crt.sh is a good starting point for data that’s publicly accessible.
Last edited:
AndrewAlston
Group Head of IP Strategy – Liquid Telecommunicati
Just an update - I dropped a private note to digicert in addition to a public tweet. DigiCert did claim on twitter in response that they would be looking into the issue.
So hopefully But then again - we shall see
So hopefully
But then again - we shall see AndrewAlston
Group Head of IP Strategy – Liquid Telecommunicati
These people have no shame - they are trawling websites and making claims about certificate expiry and then justifying it by slandering other certificate providers claiming that their certificates are "south african recognized brands" and so will give customers more confidence and other such nonsense. They clearly don't understand how TLS works. They also had the gall in follow emails to make claims about who our clients were - and other absolute nonsense. Basically - based on the ethics of the way this company has conducted itself before me, on that basis alone I wouldnt touch them with a 500 foot pole. I really hope that the people who they claim to be authorized resellers for take note and stop letting people like this ruin their reputations.