SSL Certificates

[TonyBurn]

I'm currently considering creating an e-commerce website as part of an already establised business. Whilst pricing up the initial setup costs I will have to consider obtaining an SSL certificate. There are many companies that will supply a certificate, my question is that with such a range of prices what makes a basic SSL certificate from Verisign any better then one from GoDaddy considering the considerable difference in price ?

Has anyone got any other suggestions on how to go about obtaining an SSL certificate ?

Any feedback muchly appriciated.

[Moby-Dick]

I've always bought 3rd party verified certs from Thawte when needed. If you are running an ecommerce site then a repulatble cert is a must. Do Godaddy make as many checks to ensure that you ( and your company ) are who they say you are ?

[TonyBurn]

Well it makes no difference to me, GoDaddy seem cheaper so would be the obvious choice for an SSL certificate.

When I shop online I just look for SSL being used when using pages with sensitive data, I cant say I ever look into who provides the certificate to whatever company I might be buying off.

[TiG]

The reason that is because of this...

"Relies on no third party for its Public Key Infrastructure; our Certificate Authority owns its Trusted Root."

Means its only as good as its secure site, i wouldn't touch this with a barge pole, thats why the cost is so much different.

The whole point is that you should as part of a SSL communication go to a trusted third party to gain the key, thats why thawte and versign and bt etc are more expensive for certificates.

I'd definitely pay the hundred to two hundred quid for the versign version.

TiG

[DaBeeeenster]

We use Geotrust - they are not that pricey...

[eek]

Its partly a question of what you want.

Do you want the padlock by itself,
the padlock with company information when you click on the padlock
or the padlock and a graphic to display on your site.

Now if its purely the first bit you why spend more than neccessary (assuming that you can use IE6 and it accepts the certificate without any complaints).

If (and I doubt many people do this so it may not be an issue) you want people who click the certificate to see your company details than the more expensive certificate where your company details appear is worthwhile.

If you want a graphic on your website confirming that the certificate is valid (and this may or may not be worthwhile but its an interesting question so I'll ask around) I would also go for the more expensive certificate with company name.

In cases 2 or 3 I would however pick a company with a better name Godaddy are a good firm but their name just doesn't sound right. There is a reason why banks use expensive furniture and cover their floors with marble. If people want reassurance they look for respectability and expense. Godaddy just doesn't sound right.

[peterb]

If you just want to secure the transactions, you can self certificate (ie, issue your own) If you want the trust factor that your company has been checked and there is some assurance that you are who you say you are, then use Thawte or Verisign. (Different company with different products even tough Verisign bought Thawte a couple of years ago)

[eek]

A self certified certificate will not be automatically accepted by IE or Firefox for that matter. If you are selling goods you do need to have a certificate signed by someone IE knows about.

Beyond that its a matter of what bells and whistles you want (and are willing to pay for). My research seems to suggest that the bells and whistles are not of interest to many people but that may depend on who you are selling to (internet literates may not care, those who are unsure will want every comfort blanket you can offer them).