Quote Originally Posted by Brian Altenhofel View Post
I don't know how I missed this response. Might have checked the forums half asleep that day or something.

Yes, I currently use it, but mostly for clients that only need to secure their login. The reason I don't use it for general e-commerce at this time is it's been unclear whether it would be considered a reputable signed certificate by insurers, so in those cases spending the $30 or less per year for a certificate from someone that is widely recognized outside of the the Internet world makes more since.

The short lifetime (90 days) has one main benefit - smaller window of exposure in the event of a compromised private key.
I just watched Security Now with Steve Gibson yesterday and he said that it was adequate for testing environments, but at the moment it's a little bloated, and the fact that it's open kind of concerns him.

They also talked a lot about Firefox and WoSign and how there needs to be a zero tolerance attitude from CA's.
Firefox ready to block certificate authority that threatened Web security | Ars Technica

The whole episode just made me want to skip taking the chance and just spend the $70 or whatever it costs from my host now.