Geeks With Blogs
Jim Becher blog
I often get questions from both administrators and developers on the best way to secure their sites. By secure they are almost always talking about SSL (Secure Sockets Layer - more info). They ask which ssl provider is the best? Is it hard to setup? What does it cost? Which of the cheaper providers are the best? Should I self ssl? These are all great questions and I think they are worth exploring.
Lets tackle each of the above questions.

1. Which provider is the best?
There are a ton of ssl providers to choose from. I could spout off at least 10 from the top of my head. The first one people always mention when I ask them is Verisign. Verisign has the name recognition and probably has been around the longest. I have used them many times over the years, when clients complained about verisign's cost (starts at aprox $700) I often refered them to Thawte Thawte was actually purchased by Verisign. These prices have changed over the years with competition and many new providers offering cheaper solutions. With all this said I would still rank Verisign the best by name recognition and over all security (they do their homework before issuing you a certificate.

2. What does an SSL certificate cost? I have seen prices range from 1000's to free. A typical ssl will run between 800 (verisign) to 50 (godaddy). Price can very on the strength of the cert, security assurance, wild cards and warranty. Free SSL certs are available and you can generate your own.

3. Which of the cheaper providers are the best?
If you do a search for SSL purchase you will find dozens of providers and ranges of pricing. Almost all the major hosting providers offer ssl cert now. I am not sure when these providers started, but competition is good. In the early days of iis 4 you really only had a few choices of providers. I have not done a shoot-out or comparison of providers but I can say that in my experience that godaddy does offer a very attractive price and robust ssl cert. I have used them frequently in the last year with great success.

4. Should I self ssl?
Self SSL is a term where a server will sign it's own certificate. This is commonly used in internal sites(intranet) where the data is needed to be encrypted by local trusted computers. Self SSL's are good to secure data that is not of high value. It is not recommended to use a self signing ssl on your e commerce site.

5. Are their Free SSL providers?
Yes, there are some free providers that will validate and sign your certificate. I am a big fan of CAcert. I use them frequently. However, I will say the same thing, you should not use this on a site where security is critical say an e commerce site. I use these certs to secure (dashboards, admin sections of sites, development environments, QA sites, user administration, etc...)

All of the information I have discussed is from my experiences. There are a few great references out there for you to read before listening to my selections. I recommend reading the ssl comparison from (WhichsSL) http://www.whichssl.com/comparisons/index.html
Posted on Wednesday, January 17, 2007 2:26 PM | Back to top


Comments on this post: SSL Certificate Questions

# re: SSL Certificate Questions
Requesting Gravatar...
Hey Jim,

Nice Write.. When you mention 800 to 50, it USD or Euros. Please clarify... Also, can you please provide the to-date price for SSL Certificate.. This write up is a year old..

Thanks in Advance
Kamlesh
Left by Kamlesh on Feb 06, 2008 1:25 AM

# re: SSL Certificate Questions
Requesting Gravatar...
Kamlesh

You can find ssl certs in all price ranges.

I have used Godaddy recently (29.99 US for 2 years)
Many of my clients use Thawte or verisign (Verisign owns Thawte)
Thawte is typically 199US and Verisign is a bit more around 695us.

Drop me an email if you have more questions
Left by Jim Becher on Feb 11, 2008 11:06 PM

# re: SSL Certificate Questions
Requesting Gravatar...
Hello,

Can we use 1 Verisign certificate for 2 URLs ?
Left by Rujuta on May 07, 2008 3:59 AM

# re: SSL Certificate Questions
Requesting Gravatar...
just what is the advantage of cacert over self signing -- when I go to join their community I get a an "untrusted connection" warning, the same as a self signed certificate, I would assume that any users using one of their certificates would also get a warning???
Left by Fred Foss on Jun 16, 2010 11:26 PM

Your comment:
 (will show your gravatar)


Copyright © Jim Becher - Untangle the Web | Powered by: GeeksWithBlogs.net