Choosing an SSL Provider?
An anonymous reader writes "I have recently been tasked with switching our SSL certificate provider and it's proving not to be easy. We use an internal authority for our own stuff and then we buy certificates to protect outward-facing sites (a lot of them). My question for this community is: How do you choose a certificate authority to use? There is price, service (why we're leaving our last vendor), warranty, and products offered as the only differentiators I can find. Is there any public resource that would show me actual customer reviews of CAs like Verisign, GeoTrust, Comodo, Trustwave, and DigiCert? Our last vendor did a really poor job with support and I would like to make a reasonably educated decision."
RapidSSL is your friend (Score:5, Informative)
If you're just after a basic root cert, RapidSSL (Equifax) is your best bet. If you need the stronger, blood-of-your-first-born cert, Verisign is the place to go.
Regards,
Impression (Score:4, Informative)
SSL (Score:3, Informative)
There was one year where we wanted to try the EV-SSL. We decided to go cheap and went with Comodo. Big mistake. It didn't work, and after dealing with the support people there for 2 weeks, we gave up and went back to Geotrust. They would only talk to us via email and were generally very unhelpful. I'm not saying that is what everyone experiences, I'm simply stating our own.
Re:RapidSSL is your friend (Score:4, Informative)
Usually they are 1024 bit RSA with SHA-1 signing (80 bit). These are deprecated by NIST for use past 2010.
MS don't support SHA-256 signatures in XP, until SP3, which explains some of the delay in rolling out stronger roots.
Rapid SSL Wildcard (Score:5, Informative)
It depends on your needs but (Score:2, Informative)
Digicert all the way (Score:3, Informative)
SSL Shopper (Score:5, Informative)
Re:What sort of support do you need? (Score:5, Informative)
Thawte (Score:4, Informative)
We use three different providers (Score:1, Informative)
Client Facing
We use Verisign [verisign.com] for anything a client will interact with since we can use the Verisign Secured Seal [verisign.com] on any web content on our site. Our studies have shown a percentage of our users actually know of the Verisign secured logo and it helps to assure them of the security.
Non-client Facing
We use Thawte [thawte.com] certificates since these are much cheaper than Verisign, and are fully compatible with most browsers/mobile devices.
QA/Dev Servers
We use GoDaddy [godaddy.com] for internal/external tests and projects. They are cheap and quick, which makes them useful in a non-production environment.
Re:Buy a real SSL cert, with location info (Score:5, Informative)
$$ vs requirements (Score:1, Informative)
https://www.thawte.com/ssl-digital-certificates/buy-ssl-certificates/?click=buyssl-buttonsleft
$699 one year
https://ssl-certificate-center.verisign.com/process/retail/product_selector;jsessionid=F682F047C9C50A9204F1B5A1F3971614?uid=d62acac0de1cbeb4b281f52d35982a1d&product=GHA002
$1,499 one year
Both certificates will pass all of the major security benchmarks (PCI, HIPAA, ISO20001, etc.)
depends on devices... (Score:5, Informative)
Godaddy. And, SSL use will increase. (Score:3, Informative)
The cert auto-renewed and I wasn't expecting that, but a ticket to their support center and I got it canceled and refunded. So pretty good service I think.
But watch out. The more that ISPs start filtering content, and the more that governments increase monitoring and censoring data on the web... you're going to see rising demand for SSL certs and rising instances of the pay-more-money-for-a-green-URL-bar nonsense.
The SSL providers are trying to sell you on the idea that it's the cert that makes the site trustworthy. Meanwhile, all you really need the cert for is the encryption.
IE7 has succeeded in making shared certs utterly useless. Too bad for the little guy who was using the shared cert provided free from his hosting company, because you can no longer use it without an enormous frightening message from the browser.
Look for more of this to come.
Re:Depends on priorities (Score:5, Informative)
Re:Buy a real SSL cert, with location info (Score:2, Informative)
Re:May I ask ... (Score:3, Informative)
Re:RapidSSL is your friend (Score:3, Informative)
Nope. RapidSSL is a brandname of Geotrust (which in turn is a brandname of Equifax). Geotrust also offers QuickSSL Premium certs, which are signed with the standard Equifax Secure CA root certificate, which, to my knowledge, is distributed with all mobile devices currently on the market.
The pricing for QuickSSL Premium certs is not much different from the bigger vendors, but the service we've gotten so far from Geotrust is excellent, and their simple no-nonsense verification systems mean we get to deploy certs within five minutes from submitting the CSR.
Full disclosure: I work for a Geotrust reseller. We picked them because we got fed up with our previous supplier.
Mart