When I set up this blog, and the Redmine and SVN subdomains, I didn’t realize that I would need a “wildcard” SSL certificate (or multiple individual SSL certificates and multiple dedicated IP addresses, which would get expensive). Those are available, but you pay a premium for them.
Except at StartSSL.com. Which offers an unusual value proposition: you pay to validate your identity, as an individual or an organization, but SSL certificates for domains you own, even wildcard certificates, don’t cost anything extra.
Validating your identity is a bit convoluted and time-consuming. It involves setting up a free personalized secure “channel” to the StartSSL website (which involves downloading a personal security certificate that the site generates for you), and then submitting scans of personal identification documents (e.g., passport pages and driver’s license). That’s more than what you go through to get a “simple” SSL certificate from other certificate providers, but not too onerous. They do actually call you to verify certain things, too, so you have to be available at a “known” phone number.
The site’s user interface is a little odd, and I sometimes had to cancel and resubmit a request to get it to “take”, but it was all pretty straightforward in the end. Besides, I very much appreciated how responsive the staff at StartSSL was.