SSL cert choices

Status
Not open for further replies.

MOH

New Member
Looking at SSL certs for a new e-commerce site. Namecheap are offering validated Comodo certs from $35/year - Namecheap.com - Comodo SSL Certificates - Business Validated. The InstantSSL seems to cover all the basics.

Not sure what kind of questions I should be asking though. If I'm looking for something for a single domain, low-cost transaction, medium volume site, do I need anything more than this?

What kind of benefits do the more expensive certs offer? Aside from the 'green bar' extended validation, which I think I can live without for the moment.

There seems to be a huge variation in prices from various suppliers, without a lot of difference between some certs.

[edit] The exact same InstantSSL cert that costs $39 for one year on Namecheap appears to by €149 on Comodo's own site: http://www.instantssl.com/ssl-certificate-products/ssl/ssl-certificate-instantssl.html


 

paul

Ninja
I've just gone through the process of getting a EV cert. via https://www.thesslstore.com/ In the end I went with SSL Web Server with EV from Thawte. The client wanted the whole shebang, and it was a bit of a pain verifying who we were, but in the end it worked out. They wanted a cert from one of the big guys, like Verisign or Thawte. I like the idea of the Green Bar personally, https://store.blacknight.com/ just looks better IMHO. There are a few issues with compatibility, with the bigger companies covering more browsers. Some of the providers are a little more flexible of renewals, some go as far to ask for all the details again.

Here is a few case studies about the Green Bar Why do I need EV (Extended Validation) SSL certificate? | The SSL Store Blog - SSL Support | SSL Installation | SSL Offers | SSL Knowledgebase

For price, do shop around, i got a recommendation of a pretty big reseller, TheSSLStore.com

If you do want to use my affiliate link for thesslstore.com feel free.
 

MOH

New Member
I'll check that out, thanks. Might still hold off on the EV for the moment - but I'll check those case studies, though the link just gave me a DB connection error. Prob just a temporary thing.
 

MOH

New Member
The problem with EV is it's a kind of security theatre. First you had standard SSL, and users being warned to look for a padlock and https. Now it's "well, that's not enough, now you need to look for a green bar".

It's just an excuse for SSL companies to charge more for certs. There may be an additional verification stage, but a standard, organisation-validated SSL already needs your company registration docs for verification, so not sure what more an EV cert requires.

Plus, all an SSL does is secure the transport between you and the website. There's no guarantee your details aren't going to be hacked off the server or fraudulently used after you've given them. And the SSL warranty doesn't cover the user for that. That's one of my problems with the whole green bar thing, to me it implies to the end user that the site is perfectly safe to use, while in reality it guarantees nothing of the sort.

Sorry if this comes across as a rant, I just think it's one of those things that gradually becomes necessary because everyone else has one, not out of any inherent value. Comodo's certs have 'the corner of trust' - a large red triangle in the lower right that pops up when you hover over it confirming the security ('in real time'). Aside from the fact that IMHO it looks awful, surely something like that is as valid for reassuring users than a green bar which half of them probably don't even know the reason for?

Plus not sure how much it's catching on here - neither AIB or RaboDirect's online banking pages have a green bar.

EV aside - is there any difference apart from warranty value between the myriad of different certs.?
 
Status
Not open for further replies.
Award-winning Mac antivirus and Internet security software
Top