My favorite guy, our CTO is back again, this time with more fun.
We've been using Verisign for our SSL certificates for years (like since 1994). When we bought the new companies our new CTO caused a major stink because everyone else in the other companies he's been supporting uses GoDaddy. After a giant goat-rodeo last year, we convinced him to just put in Verisign and we'd figure it out.
Well, now we're about to expire, and now he's decided we now have to need to change our stuff with a little more than a week. Not amused.
Current big question:
-- Do they issue test/development versions of certificates to customers so we can test our setup? We can't seem to find anything like that.
-- Anyone have any advice on dealing with them?
I refuse to deal with GoDaddy under any circumstances. They are sleazy, and their CEO is appalling.... this is the guy who was advocating torture a few years ago.
If you want a nice cheap registrar, use NameCheap.
How many certificates are we talking, anyway?
I use Digicert over GoDaddy.. I've used both and I'm now using Digicert 100% of the time.. I have good luck with them.
There's always a better answer than GoDaddy. For everything. Unless you're looking for videos of Danica Patrick where she acts like she's going to get naked but she never ever does!
Ahem.
For cheap-o certificates, we use DynaDot, which re-sells AlphaSSL and RapidSSL certs.
For anything beyond that - DigiCert is the correct answer.
double post for goodness
Being in a similar boat as momgamer, where there is no choice but to use GoDaddy due to corporate mandate (sorry but saying to not use them after she's said she has to seems a little less than helpful):
-- Do they issue test/development versions of certificates to customers so we can test our setup? We can't seem to find anything like that.
- as far as I can tell, they do not provide test certs.
-- Anyone have any advice on dealing with them?
- realize that there's a reason they are so cheap: you get very little support. If you have a problem, you are pretty much on your own. They do have a decent set of FAQs and Howtos, though, in case you need a little extra help.
Edit: link to their "SSL Help Center"
Their FAQs and written documentation vary wildly, but I've always gotten really smart help on the phone. Have you called yet?
Latest salvo in the email jockeying made me throw my stress-foam thing across the room. Stupid son-of-a-beehive is using this as an excuse to push back on us having a test environment. At all.
So they're going to put you through that much pain to save maybe eighty dollars? You've already spent more than that arguing about it!
Have you called yet?
This. The only good thing I will ever say about GoDaddy is that their phone support team is generally very knowledgeable and helpful. Call them, and call them often. Since you're forced to use them, might as well make them earn their money.
clover wrote:Have you called yet?
This. The only good thing I will ever say about GoDaddy is that their phone support team is generally very knowledgeable and helpful. Call them, and call them often. Since you're forced to use them, might as well make them earn their money.
Yup. I don't spend more than 5 minutes in the documentation now; just work out what you need to know from them and get in the call queue.
One nice thing is that once the CSRs see that you're not inept, they will often give you more background or tell you how to make an end-run around something, rather than just "ok you're fixed" or "we don't do that".
Stay with VeriSign.
Well sure, but it's too late for that.
True, but technology is cyclical. You can always go back.
Latest salvo in the email jockeying made me throw my stress-foam thing across the room. Stupid son-of-a-beehive is using this as an excuse to push back on us having a test environment. At all.
Just to be clear, he's saying that because GD doesn't have dev/test certs you should get rid of your testing environments? That's brilliant.
He sounds like a real winner.
He thinks it's all just a waste of resources and we should just make our changes directly to the live sites and do all development there.
That guy is a walking IT disaster.
You've got the right overall idea, MomGamer. You may be forced to do it his way, but you are in the right, and he is 100% wrong.
Totally out of my depth here, but can't you go over his head? Talk to his boss and warn them in no uncertain terms that this guy is about to explode everything to try and save the company a paltry amount of money. Emphasize try, because in the end he is probably going to end up costing the company a fortune on downtime, with all the issues you guys will end up having to overcome.
Document all of these interactions. When they happened, what you suggested, how you were rebuffed, what you tried next.
Dr.Ghastly wrote:momgamer wrote:Latest salvo in the email jockeying made me throw my stress-foam thing across the room. Stupid son-of-a-beehive is using this as an excuse to push back on us having a test environment. At all.
Just to be clear, he's saying that because GD doesn't have dev/test certs you should get rid of your testing environments? That's brilliant.
Sort of. He's just decided one doesn't need to test using the same technology as your production environment and one doesn't need to test any operations procedure. You just make the change directly on the live servers and then try one SSL function and if it works everything is fine. Oh, and we don't need to bother with any sort of rollback or emergency procedure if we find that something has gone wrong.
I can see nothing bad coming of this plan.
Because of this:
...but you are in the right, and he is 100% wrong.
I totally support this plan of action:
Totally out of my depth here, but can't you go over his head? Talk to his boss and warn them in no uncertain terms that this guy is about to explode everything to try and save the company a paltry amount of money. Emphasize try, because in the end he is probably going to end up costing the company a fortune on downtime, with all the issues you guys will end up having to overcome.
Seriously.
Being right doesn't mean getting to overrule policy or that going outside the chain of command won't cause you to be fired. Those sorts of tactics need to be used very carefully.
As a professional QA Analyst, talk of eliminating a test environment makes me shudder and cry. I've been pushing for months now to get SSL certs installed in the test environment, and after two or three launches that needed rollbacks because of SSL issues that weren't testable with self-signed certs, I think we're finally getting them.
One of the rules of QA is that any difference between the test and live environments will definitely cause a major problem at some point. And let's not even discuss launching directly from dev to live. That's a bad idea always.
Are there other people you can cc when you write to him, so it's clear that any delay will be his fault? Or is that too political?
Oh, Pinocchio...
I have worked for a similar type of IT manager. I call them the Douche-Master.
Pages