Hi,
Im not realy a newbie on the web but can sometell me all about SSL Certificates?

Chris

Try these two links:
http://home.netscape.com/security/techbriefs/servercerts/index.html
http://www.rsasecurity.com/standards/ssl/basics.html

SSL certificates offer multiple levels of security.

The first is an encrypted connection between your browser and the server where the certificate is installed. This connection allows all traffic between your browser and the server to be sent in a mode that prohibits it from being "sniffed" by a third party - since regular traffic between your browser and the web server is sent in plain text.

The second level of security depends on the CA, or certificate authority and how hard they work to validate the certificate that they issue. The CA is a third party "trusted authority" and is supposed to guarantee that you are whom you say you are. This would prevent me from getting a certificate saying I'm IBM-SALES-US.COM and representing myself as IBM Business Systems. There are varying degrees of authentication done here, depending on whom you go with as a CA. In my opinion, Verisign is the most rigid, followed by Thwate, then Tucows and Entrust.

The "instant" certs that you can get for $50-$100 don't really authenticate anything. They simply give you a scure connection. Many people believe that this is acceptable - and that the trust between you and the website you are doing business with is implicit and not guaranteed anyway.

The biggest problem from the end user's perspective with the "cheap" certificates appears to be one of browser compatibility. If the user has to acknowledge or load a CA's authority certificate in order to use your website, they are likely to move on and not do so. You really want to be as browser compliant here as your intended market requires.

Hope this helps.

-Tim

Originally posted by thewitt
The "instant" certs that you can get for $50-$100 don't really authenticate anything. They simply give you a scure connection. Many people believe that this is acceptable - and that the trust between you and the website you are doing business with is implicit and not guaranteed anyway.

IIRC, at a minimum they all verify that you are the legitimate owner of the domain, so they provide some protection against DNS hijacking.

But for most companies on the internet, Authentication is a non-issue anyway. Does it really matter if Verisign authenticates that you are Bob's Hosting Company? For someone on the other side of the world who has never heard of you, I don't think that it does. Authentication is important for companies like Microsoft or IBM where people place a trust in the name, but is rather less important for small companies which are judged on their actions rather than their names.

If you ever decide you need one we used equifax.

http://www.equifax.com . It's so much cheaper than the other companies and all browsers pretty much support it (mozilla, netscape, Iexplorer). $99 / yr

I got my QuickSSL cert on Monday! $99 could not find a cheaper way to get a real cert, if anyone knows of a way to get one cheaper (that works for at least MOST browsers and that means Netscape too!) then please tell me (as I need to get another ssl cert in about a week).

Guess it'll probably be another QuickSSL cert unless something else comes up.

Oh yeah Equifax is the supplier of the QuickSSL cert, don't think I mentioned that :)

last I checked you got the first year free and works with most newer browsers

Geotrust, Equifax Secure and FreeSSL are all part of one entity. :) If you look at the table at http://www.freessl.com/ it'll show you the browser support for each type of cert. 30% of browsers supposedly don't have the Root Certification Authority (CA) for FreeSSL, so a warning dialog is shown to users with those browsers (everything except IE 5.01 and higher). For a business site, that may be an important factor.

Through OpenSRS/Tucows resellers, you can get SSL certs that have the Thawte CA as their root (and Entrust as a subordinate CA), so they are recognized by 99% of browsers. There's more information at https://certs.tucows.com/ ... You can get Tucows certs for as low as $115/yr (or even lower if you yourself are a reseller).

Through OpenSRS/Tucows resellers, you can get SSL certs that have the Thawte CA as their root
Equifax certs, or at least the normal ones, do have a Thawte CA.

But is it still possible to buy Equifax Secure certs? When you go to the "Digital Certificates" section of their site, it redirects you to GeoTrust.

But is it still possible to buy Equifax Secure certs? When you go to the "Digital Certificates" section of their site, it redirects you to GeoTrust.
Sure it is. You only get that because GeoTrust purchased Equifax Secure a few months back.

Originally posted by sbrad
Sure it is. You only get that because GeoTrust purchased Equifax Secure a few months back. Now that I notice your signature, I know what you mean... :) I don't think you can buy certs directly from Equifax Secure (is there a page where you can?), but you can buy from resellers such as SSL4Less.com (https://ssl4less.com/) -- only $79, a great price. I noticed even your Equifax cert is not issued by Thawte, though...is it different from those you sell?

Er, I'll be careful, so as not to enrage the Chicken...but...
SSL4Less sells regular Equifax certs. These are not the Quick SSL certs, but the ones with 98+% browser compatibility, and it comes with True Site. It is not a Thawte cert. BUT, Equifax certs have a Thawte root CA.
I don't think you can buy certs directly from Equifax Secure (is there a page where you can?)
Yes, you can. It's at http://www.geotrust.com/building_trust/.
Like I said, EFX Secure now belongs to GeoTrust, so you ARE buying direclty through them.
This gets a little confusing, eh? :cool:

the quick ssl certs are on offer at the mo. $49. not bullet proof but still 90% accepted. or so they say.

Originally posted by thebyp2
the quick ssl certs are on offer at the mo. $49.

Am i stupid or what?
http://www.geotrust.com/quickssl/ says $99???

I can get customer SSL for $49 becuase I can get thru GeoTrust Special Offers.

Your not stupid! Theres a special url you have to go through. When i dig it out i will post it here.

***Update***

The offer is only open to those with freessl certs. So if you do have one, and want a quickssl cert, then buy it now!

Hi,

Equiax was chained from Thawte so all the older Equifax certs will have make a chain back to the Thawte root; this was done to give Equifax wider browser support.

Equifax/GeoTrust now have their own roots which are shipped with most of the newer browsers, but some still require and update.

Just wanted to clear up any confusion about the Thawte/Equifax cert chain...