SSL Certificate Providers

I'm pretty confused about how what seems to be the same thing can be $79 a year at one place and $1395 a year at another place.

So... For all you experienced with SSL certificates, buying them, installing them, actually using them, making claims etc.

Who do you use and why?
Which one can you recommend?
How much are you paying and how can you justify it?
What sort of environment are you using yours (retail/services)?
What are the things to look out for?

Should I look for a UK supplier or doesn't it matter?

What's the difference between an active and a passive site seal?
What's a wild card?

As you probably know after reading all that, I'm an SSL newbie. Even after reading quite a bit on it like this site. Flood me with your info and I'll suck it all up thank you.

 

the only real difference between any of them is the SSL (64 bit, or 128 bit encryption). Other differences are that not all browers "trust" all SSL providers by default, so if you buy one for say $79/year there is a chance the browser will pop up a message saying that your SSL certificate is not trusted (but option will be given to trust it at that point). If you buy for 700 or 1300 (thawte or verisign), by default, those are trusted to like 99% of browsers (thawte is supposed to be on 95%, verisign on 100%) - so no such message will appear. Its mainly an issue with older browsers.

Personally, I'd get one from thawte or verisign. I used a shared one thru yahoo, so I don't have the expense. Remember, the price is per domain name, not per IP address.

 

In theory, you are purchasing trust from SSL Certificate vendors. The more people trust a Certificate Authority, the better the product is supposed to be and the more they can charge for it. That is why Verisign can charge more for their product.

In reality, most people trust what their browser trusts, therefore, default browser installation seems to be the deciding factor in quality.

Some of the CAs do not own their root, and therefore require you to install an extra certificate into your Certificate chain. Other factors include warranties, support, widcards, speed of issuance, etc...

http://www.sslassistant.com for an unbiased review of certificates and certificate authorities.

 

I would add here that those for $79.95 (e.g. www.instantssl.com) often use intermediate certification authorities, which are trusted by most browsers. For example, certificates distributed by Comodo will have this chain:

Your Domain > Comodo > GTE CyberTrust

Comodo CA is not in most browsers, but GTE CyberTrust is and as long as you install both certificates on your machine (Comodo will send you both), you will get most browsers working just fine with these less-expensive certificates.

Another thing is insurance. More expensive certificates sometimes come with insurance that cover you in case if somebody breaks the encryption offered by the certificate.

J.D.

 

Thawte's white papers aren't working so I'll try here.

SCG or Server Gated Cryptography - what is it and what are the benefits?

 

Server Gated Cryptography is where the client browser receives the certificate and sees it is SGC and therefore starts a highly encrypted session, but these days the only real benefit of sgc is if the client has an older browser.

 

Hmm yeah I just found it's a load of bollocks they're happy to charge you more for:

http://www-uxsup.csx.cam.ac.uk/~jw35/courses/using_https/html/x773.html

Thanks aqi32, appreciate it.

Verisign charges outrageous amounts whilst someone like Thawte does the exact same. Then they brag about a trustworthy name but come on, who cares who signed it. Punters look for a padlock. If it's there they're happy. This whole SSL business is designed to be as complicated as it possible can get it seems just to confuse people into buying more than what they need.

Awaiting a call back from Thawte on their multi certificate SPKI deal. I expect 'buy bulk - get discount' but after all this reading and digging it's probably going to be 'buy bulk - pay more for the privilige'.

We'll see...

 

you're welcome

hehe, yeah it's always the same isn't it, flash a few fancy names around and try and sell it for more.

Totally agree it is overcomplicated for those of us who only need it for simple things, i don't process orders but do provide a service which one part of it requires it to run off an ssl cert, i went for a $16 cert from registerlfy, works wonderfully. What's the difference? why so cheap? the limit with these really cheap certs is the amount of orders you can process, although they give no hard limit start processing thousands upon thousands of orders a day and they're likely to quote some small print and ask you to upgrade to a different cert, but seeing as i don't process orders it is a prefect solution for me

 

Thawthe's SPKI seems right for me since I need 6 certs now and more later. Gives me 25% off regular Web Cetificates (not the 123 ones which don't include compny authentication which I thought I might as well chuck in). And once SPKI is set up I can issue new certs myself instantly apparently so no need to go through the whole process again and again.

It's still $149 per certificate per year though (first year, second and further is $129). But I guess on the thousands of orders we process it's not that much to add a little 'trust' puke : )

 

hehe yeah that sounds like it would suit your needs, let us know how it goes with them

 

I got mine from EV1 because of the low price, it's only $14.95/year. Yes, I recommend them.

I'm using it on my ecommerce website and it works fine since the first day I installed it.

 

Hi,

I use www.ssl-certificates.com for my ssl certificates. They were the cheapest that i had found and also issue the certificates straight away. They are a geotrust reseller - i contacted them and they said they buy in bulk from geotrust to be able to offer the cheap prices.

I have been switching my comodo certificates to them because they give a year for free when you swap over. So far i have moved 12 certificates to them and have not had to pay a cent for any of them. Can't complain about that.

They also seem to own www.flexissl.com as well.

I hope that helps someone else looking for certificates at a decent price. They also told me people are simply willing to pay verisign and the others the high price for certificates and they were looking to "shake things up a bit" - when you think about, its only a piece of code!

Rebecca