Last Friday our SSL certificate for this site expired. In general this is used for only a couple things – protecting our administration of our site, store, and such; our Informant OS X update checks, and for when you get to entering customer information on our store. The actual order process goes through Stripe or PayPal via their SSL connections so there was no security lapses there.
So why did we let it lapse? Well…arguably we didn’t. I started the process a week before expiration because normally its a 24-48 hour process to get an existing certificate renewed; however there was a slight flaw in my planning: We changed our company name this year and this put a real kink in the process. As part of the validation, we provided all of our government forms, private info, etc… but then we had to provide them our CPA information to validate as well. This hit a kink as we use a pretty major accounting firm in Austin which Comodo could not validate for multiple days. Seriously? Why? Because their company ID started with a zero and Comodo had trouble understanding they had to enter the zero as part of the ID check.
Anyhow – the long ordeal is over two weeks later. Next time we’re starting the process 30 days ahead of time…