We have a management system that has a web front end and SQL as the back end. We have kept outside access locked out, but now we need to allow external access which will involve making the management app URL accessible from the outside world. I will install a cert in IIS for the site this week, but while researching CAs, I noticed a HUGE price difference in Symantec’s (formerly VeriSign) certs and everyone else’s.
If you needed to secure a site that maybe 40 internal users and 5 external users access, where would you buy it from?
9 Spice ups
GoDaddy is an economical choice 69/year.
5 Spice ups
GoDaddy also here, they are the cheapest.
2 Spice ups
I use CheapSSLs.com. Even cheaper than GoDaddy.
1 Spice up
Any real difference? Surely a $70 cert and a $1500 cert have to have some sort of difference, right? The Symantec/VeriSign certs are over $1000 each! Yikes!
robt
(Rob T)
7
+1 for GoDaddy
I’ve always used GoDaddy for internal systems / websites (including external access for staff)
I then use a stronger provider such as Thawte for company websites or systems that are client / customer facing
robt
(Rob T)
8
the difference is the insurance, look at how much the provider will pay out if your SSL is compromised
totally want to use Symantec/VeriSign for an eCommerce site
There are different types of certs - single name, SAN, Wildcard, etc.
The same type of cert from a different provider is still the same type of cert - just that the cost may vary.
cannelongo
(tcannelongo)
10
GoDaddy is a safe bet, and you should be able to get that discounted down a bit just through a Google search (as their AdWords campaign often provides a link that gives a discounted price). You can also look at a reseller, but your mileage may vary. I’ve used The SSL Store before, but I think they save credit card information and allow for a renewal without authentication as long as you have the renewal e-mail link, which makes me a little nervous.
I’ve also used StartCom’s StartSSL site to get free 1-year SSL certs. They only do domain validation on the free ones, but for your application, it sounds like that may be all you need. They’re very responsive by e-mail and phone, but the site does sometimes give “over capacity” warnings during periods of heavy utilization.
3 Spice ups
rj0
(RJKY)
11
RapidSSL is another one. If you just need one for company users go for one of the cheap ones. They will be fine.
I just went through this whole process. We started accepting CCs to pay for client’s bills online so we wanted a very secure, very recognized provider that would provide visual assurance that all was safe and we went with the Symantec SSL extended EV.
What is the main difference with Symantec you ask? The difference is at what length your company is verified to be exactly who you say you are. They dug very deep into the history of this firm to verify us. They found that we had changed our name 5 years ago and questioned me about it. They also want public documents of the company as well to support that you are who you say you are. Business licenses, operating licenses, partnership agreements, etc. Anything that supports identifying your company. They also look into any aspects that may have been publicly reported about your company.
With cheaper certs, the only verification that occurs, if any (beyond a WHOIS record), is that you provide them with a number or email address to call / email to verify the business. Obviously, this is not very thorough at all and anyone can get an SSL cert with bogus information.
The Symantec EV application process was VERY intensive. They dig into the history of the company to verify 100% that you are exactly who you say you are. Along with the cert you can use their logo on your site, you get the pretty green bar in the browser and the other stuff that goes with their certs as well to visually comfort the user that it is indeed secure and safe.
I can tell you that if you see that Symantec EV logo for a site you can assure yourself 100% that the company is legit and is safe to use your CC with them. No doubt about that. And that is why they cost so much more. They go through a very detailed process and adhere to it rigidly.
1 Spice up
We use GoDaddy for our certs and our clients as well (mostly SMBs). The sites that use Symantec and Entrust (from what I’ve seen) are banks, airlines, eBay, Paypal and the like.
mkstead
(Michael9886)
13
We were with Thawte, until Friday. With the new regulations that have been pushed down regarding SSL encryption we had to find a vendor that would give us the correct algorithm. GoDaddy was the least expensive.
I would recommend GoDaddy as others have recommended.
sgestwicki
(Stephen4570)
14
I have not personally used them but have heard great things about DigiCert.
4 Spice ups
andytg
(Andrew G.)
15
The difference is mostly in name only. The certificates are cryptographically identical. The difference may be the number of devices that come with VeriSign’s trusted root certs installed (used for verification). For instance, I can go and create a cert that is identical to VeriSign, it’ll even say that it comes from VeriSign… but your browser will throw up a red flag because it doesn’t match one of the trusted certificates installed on your computer.
Other differences may be in how the company performs their Extended Validation/Verification, pretty little GIF badges that no one could ever replicate, and the insurance policies… that will probably never pay you a cent.
Comodo seems to have become a big name in the CA business lately. They offer good prices and are available directly and through a variety of resellers. I would just go with your domain registrar, as many of them also offer certs and you can consolidate the accounts and invoices.
1 Spice up
GoDaddy, because it is already installed on most systems.
Kenny8416
(Kenny8416)
17
As already said, the difference is the insurance levels, plus the type of cert, but all suppliers will sell you the same variety of levels (domain verified, organisation verified, EV, wildcard, SAN cert etc.).
We use GlobalSign certs purchased through SSL247. I find a reseller can be useful, particularly if you need some advice on what level of cert you need, and have had good honest advice from SSL247 over the years.
We use Thawte for all our SSL certs.
maxsec
(maxsec)
19
Comodo
GoDaddy is just rubbish on customer service - they’re the cheapest for a reason!
1 Spice up
billlee5395
(ProTurfITGuy)
20
+1 for StartCom’s free StartSSL certs - great for webmail, tsgateway, etc. They say the best things in life are free… and when your IT budget is thin, you make the best of what you can get. Often your time is the only investment that you can afford to spend on something as small as this, but if they consider your time to be equal to money, you might be just as far ahead with a cheap one from GoDaddy or similar.
StartSSL only supplies basic certs, however - free to get Level 1, but they do charge you for anything higher. Oh, and make sure you get it right the first time, because they also charge you to cancel a certificate if you mess up during your registration.
1 Spice up