I'm currently looking into SSL certificates which I'm quite new to and require some help with what to choose. I've come across several places out there and am wondering what peoples thoughts are on the best places with the best prices to get them from?

Best regards,
- Kurieuo.

Hard to beat that Geotrust quick ssl through RackShack for $49.

instantssl.com works great for me, its instant inactivation too!

Hello,

I am also kind of now with this. Can you tell me onething. Once I buy that Quick SSL Cert. would I be able to set the certificate on a special domain ? And it is same as a regular SSL certificate mosts of the site use or something else?

Originally posted by Omair Haroon
Hello,

I am also kind of now with this. Can you tell me onething. Once I buy that Quick SSL Cert. would I be able to set the certificate on a special domain ? And it is same as a regular SSL certificate mosts of the site use or something else?

Yup, the Quck SSL Cert is pretty much the same as the other regular SSL certs which are being used.

One point which may not be observe but pretty important is that the site url which you want to apply the SSL must have a dedicated IP address. It cannot be shared with any other site.

I got myself that RS $49 certificate and it is easy to install, at least on my RaQ.

Thanks. I'd come across InstantSSL before. RackShack charges tax on top, although the process seems more straight forward there.

I'm just wondering about all the different plans at InstantSSL. It doesn't seem really clear about which plan to get or why to get some plans over a cheaper one. Is the InstantSSL certificate for $49 alright for web hosts? Why would one get a higher certificate - or to put it another way how active with transactions would one have to be?

Best regards,
- Kurieuo.

So basically my question as well is what's the difference between the SSL Cert. offered by RS, INstant SSL (aka Comodo) and Thawte etc? Their prices vary and so do Cert. or am I wrong somewhere over here?

Rackshack resells for Geotrust and their QuickSSL cert is the same product as Equifax as Geotrust bought over Equifax. This is the same product as if you were to get from Geotrust directly. Only thing is that RS is selling it for $49+tax while Geotrust is doing it for $119.

According to their official website, the Geotrust has a 98% browser compatiability while the Comodo InstantSSL has a 95% compatiability. Of course, Thawte and Verisign has the highest level.

I am not sure about the Comodo, but the Geotrust SSL does not require you to send in corporate information and thus does not verify the corporate identity.

I guess it depends on what you want the SSL cert for. If it is to secure data transmission, any cert would work for you, apart from the compatiability issues.

If you are running a bank or high ticket items, you might want to go to Thawte or Verisign where apart from the secure data transmission, they manually verify the site owner validity and so on and may come with a level of insurance policy.

So for web hosting, the InstantSSL or QuickSSL should do nicely.

Ditto to what eddy2099 said. If you do a search here, you'll find that many people recommend NOT going with Comodo.

I did my research and ended up with a QuickSSL from RackShack. It was very easy to install and I've had no problems.

Thanks for the feedback Michael. Can you please tell me what is the exact amount Rackshack QuickSSL Cert. costs?

If I want to get the geotrust SSL cert from Rackshack , do I need a hosting acccount with them?

Cheers

Ofcourse no. You don't need to have a hosting account with them. You can have a hosting account anywhere. From your signature, I see that you run your own web hosting service. So you can use the SSL Certificate on any of the domain you might have. But there is one requirement as mentioned above, the domain MUST be on a Separate Dedicated IP Address.


--Omair

Thanks Omair for the info and yeah I do run one hosting company :)
I was always under the impression that rackshack offer the 49USD QuickSSL to their dedicated server customers only.

Thanks for the tip.

No Problem :)

Instant SSL has a better verification system than Geo Trust...some people do look for that. As far as browser compatability...it really isn't any better or worse than Geo Trust. Search for Instant SSL on the forums...you'll find some good info about them. hth

You do NOT have to be a RackShack customer to get their SSL certs for $49. After they add the tax, the total came to $53.04.

Just to comment --- it is a misconception on the verification system that some folks in th competition use to create FUD...

Ours is very strong..

IBM runs us on all their servers, Gap, Banana Republic...... and tons of othet large companies and agencies..

Neal

mean't "other" oops..

Welcome Neal! You can edit you posts by clicking the "edit/delete" icon in the bottom right of your post....

Cr.

Ok....... thanks for the tip.

Originally posted by GeoTrustCEO

Ours is very strong..

Neal

And expensive...

Tracy --- $119 to process secure transactions for an entire year is at all bad....

So is there any difference in buying a geotrust cert direct from geotrust or fom rackshack.

Apart from the price difference

Adam

I don't think so. But maybe I am wrong :(


Tracy --- $119 to process secure transactions for an entire year is at all bad....

Really? :rolleyes:

No there is no difference in our base product.. Rackshack is presently selling QuickSSL at a lower price....

anyway ---- I think we have the best pricing for the level of certs and service we provide.......

We worked pretty hard to be fair.....

Hey -- there is always freessl.com... we run that as well.

Neal

Neal, What's the difference between going to FreeSSL.com and GeoTrust?

To anyone out there wondering about GeoTrust, we have used them for certificates in the past and LOVE them, they work great!

Our FreeSSL product competes with Instantssl.....

personally (and you can call me biased- but honest) I would take freessl first.

Neal;)

FreeSSL does not have as much ubiquity... as QuickSSL..

However, it is a good product to use on low volume sites....

It is in both IE and Netscape now.....

I like the site because it gives the development community the ability to get a trusted cert without paying for three months.. If you want it longer there is a fee.

Neal

It also introduces folks to GeoTrust.

Ohhhh Noooo ...

Here we go again.

This thread will explain the differances between the certificates.

I think people are still waiting on Neals answers that he so cleverly is trying to avoid.

http://www.webhostingtalk.com/showthread.php?s=&threadid=67259&highlight=ssl4less

Have a great and profitable day!

After 3 months you have to pay $45 a year for the freessl cert, seems to make more sense to use it for development then get a geotrust cert from rackshack, only $4 more and in the end more compatiblity.

Adam

Tracy --- every day should be a profitable day.....

That just confuzzes me more.

Why the $45, $49, and what was the other $115?

If they are all the same, why are some cheaper than the others?

And why are you giving three months free with that $45 a month one? It seems to me you would charge more after the three months free.

Why wouldn't someone go with that? Why would someone go with the larger one rather than the three months free and the $45.00?

Originally posted by GeoTrustCEO
No there is no difference in our base product.. Rackshack is presently selling QuickSSL at a lower price....


Hey Neal, Can you tell me what is the difference(s) between Rackshack's cert and your selling?

If they were same, how could you explain the difference between prices?

Cem

From the looks of things the certs are the same, in the end they both come from rackshack.

From looking at the reseller options on the geotrust site, rackshack by the cert credits in bulk and sell them on at a discounted price.

Although from looking at the geotrust reseller site, they dont appear to openly off the quickssl cert but start with the next one above.

Adam

I'm going to be needing a SSL certificate within the next month or so. Initial I was thinking of getting a TrueBusinessID from ssl4less when they were reselling for GeoTrust.

However recent price increases by GeoTrust, the low cost of the QuickSSL cert and Neal avoiding answering questions in the other post that tracy posted has made me lean towards the new ssl4less option.

I really do not like it when the competition plants remarks on this board --- it is so obvious....

But hey --- it is a free country.... People can use silly tactics...

Kinda makes me really, really... well laugh....

:stickout

I love this board.........;)

I can assure you I'm not a member of the competition. This is the first time I've ever considered buying a SSL certificate and from what I can see there's no difference between QuickSSL and InstantSSL.

The only reason I can see for you to be skirting around the issue of differences between InstantSSL and QuickSSL is that there's no difference between the two. Of course if you know any different please feel free to correct me and explain why I'm wrong.

hmmm -- not to be insulting.. by why do you not have any contact phone numbers... or location for your company on your site....also, you may want to fix all the broken links and fill in those empty pages...

let me guess.. you are located in the UK....

Nice try....

I do respect the effort -- dont get me wrong.




;) ;)

Neal,

Might I ask who that was directed towards? I think in this thread that I am your only competition.

I think you may be a little paranoid and think that people are "out to get you".

If you can't answer questions about your own company, why even bother signing up on WHT.

You certainly are not protecting your "product", as you will not even answerd potential clients concerns.

Maybe they are not going to spend 1-5K on certificates this year and you can't justify the time that you will spend answering questions for the seemingly insignificant price of $119 that your potential client is about to give you.

I am not paranoid.....

don't be silly -- go have a beer......

<Sighs>
Ok first yes I am in the UK. You want to know why my site doesn't work? Why I don't have any contact infomation? Because I don't want wierd people contacting me tbh ;). If you want to know what I do then go have a look at www.evegate.net and www.duckandcover.net - I run both sites. You can even find a picture of me on evegate if you search hard enough.

Now will you please stop trying to label me as the competition and answer the question that I've put to you. What are the differences between QuickSSl and InstantSSL. Thats all I ask. As a potential customer your not doing very well to win me over.

I think you are trying too hard...

relax... be happy...

hmmm.. wonder how I knew where you were located......?

ha ha......

hey -- I am going to London in October.... can you suggest any good pubs....

Why do pubs close so early in London?

Hey Tracy, didn't know you called yourself Soulfish now! :D

<Sighs once again>
Ok if you really want to know where I'm located I live in the South East of England, Roughly 60miles south of London in a town called Hastings.

And once again I will repeat myself - I have nothing to-do with Comodo or Instant SSL.
I've been visiting these boards since December. What will it take to prove that I'm not competition and to get some straight answers out of you Neal?

Tracy has soul.........:stickout

ok -- lets all get along......

group hug...

tell me why the pubs close in London so early......

Before Tracy (and everyone else) gets confused, I was kidding - Soulfish is totally unrelated to Weberz and SSL4Less :)

Geo, how about you answer Soulfishs question?? ;)

(In answer to yours, because of licensing, but you can always move onto a nightclub or find a friendly publican for a lock-in ):)

I'd love to tell you why the pubs close so early in London Neal; only I have no idea why. Do you know why? Because I don't work or live in London. Whys that? Because I Live in Hastings, and because I don't have anything to do with Comodo.

If you want to go and check-up on some domains that I own that go and have a look at a whois of soulfish.net, or tech-central.net
Hopefully you may decide its in your best interest to answer the questions put to you rather then trying to get out of them by accusing the askers of being your competitors.

hmmm..

lets see we have better certs.. more ubiquitious and no chaining issues.... than the small players

that is probably why IBM, Palm, kmart, Gap...etc, etc .. use GeoTrust.

We are less expensive than Thawte... etc... etc..

if you want cheaper certs -- go to freessl.com -- we give them away.....

We compete with Thawte on our QuickSSL product
We compete with VeriSign with out True Biz product
We compete with small providers with our freessl product

If you want more take a look at our site.... or freessl.com...

Thanks on the Publican tip -- the closing of the pubs so early is too bad....

Neal

Soul --

I live in Boston... but I think the pubs close early in London because of a WWI era licensing law so workers would come to work without hang overs --- . The law stuck and there it is today...

or something like that... hey you should know that interesting history...you are only 40 miles away..;)

Woaw, nightclubs must have done a roaring trade in WWI ;)

Ok thanks for the history lesson ;).
Now that you've answered part of the question would you mind answering the other part - what hard conclusive facts do you have that prove that QuickSSL is better then InstantSSL?

I'm merely a customer trying to find out whats in his best intrests. After all I don't want to be spending $119 when I can get the same thing for $49 or whatever ssl4less sell it for :)

Hey if anyone needs a 128 bit SSL Certificate that is just a strong cryptographically as the larger companies Thawte and Verisign or one of the smaller companies like GeoTrust, that is recoginized on all of the 5.01 and higher browsers then just head on over to http://www.SSL4Less.com and ignor the speling on a couple of words, pick you up a cert for $44.95 with no chaining issues and be done with it.

Whew that was a mouth full.

Oh if you think your in need of a cert for browsers lower than 5.01 then look at your log files.

If you don't have stats readily available you can look at mine over at http://www.weberz.com/webalizer/

Scroll all the way to the bottom and look above the big green pie that never seems to work right.

If you would like to see an InstantSSL in action then feel free to visit one of my project sites here https://my.cpanelreseller.com/

This may be of interest to all that are concered and have read freessl.com.

http://www.whichssl.com

I would like to disclose that this is a Commodo website so it will naturally be somewhat slanted towards http://www.InstantSSL.com

Stop trying so hard -- if you want cheap certs -- go to freessl.com.... very comparable to instanssl and without multiple chains.. FreeSSL is in both IE and Netscape....

instead of paying 45 bucks at Tracy's site......

:stickout

Tracy --- why dont you provide your certs for free as well.....

then we can all love eachother...

The reason no one wants your free certs is because they're only good for three months, and less compatable than any other certificate.

Besides that, there is no "multiple chain" issue with a comodo certificate, other than it costing less.

hmmm.. we are issuing lots of them....

everyday -- so I think people want them pretty bad..

Also, I am not adverse to making them free for an entire year...

Neal you can't stand the fact that someone would opt for a less expensive alternative that arrives at the same solution for the problem at hand can you?

I think you may have had too much beer and you talk more about "lovin and group hugs" than I feel comfortable with.

Yes -- lets just agree on something..

Freessl.com and InstantSSL are very comparable..

We are free -- and Tracy you can't stand it....

You need to participate in a group hug...

then maybe you wil drop your price and be Free as well...

Set SSL4Less free......

be like freessl.com.....

By the way, Freessl.com certs represent the 4 largest certs concentration in the world.

The providers look like this by market share in order:

VeriSign
GeoTrust
Entrust
FreeSSL.com
TC Trust center
and then a bunch of small players..
:bawling:

Can I ask how she can give them away free? :eek: Are you nuts?
She is a reseller, if she gave them away free she would be paying to give them away. :eek:

You know, I just recently ordered a cert from Tracy (Hi Tracy) I was very impressed how efficent the cert was to get and install.

I only need the cert for my ensim control panel. This is why I don't need a validated cert, I'm not doing e-commerce with it, just wanted a cert other than a self signed on that pops error messages at customers.

Ok, I have 2nd ensim server that i use for backup purposes, I just registered to get your free cert. (Still waiting on the email :rolleyes: )

I think all this is a bunch of non-sense.

Hey, if your freessl is so great, why not a reseller program?

Were we could give a free cert for 3 months, then resell the certs ourself?

Honestly I don't see it as a 100 % free cert. It is a 3 month trial cert, in that aspect it is confusing, cause after 3 months if you want to keep it, you have to pay for it, that is not free, that is a trial.

:confused:

prevo ---- a reseller program is a good idea for Freessl.com

Not bad...

By they way, if you just want a cert for ensim control panel freessl is the way to go.... why would you pay $45?

Also, I think you are making a good point -- we should make freessl.com certs free for an entire year...

Neal

From your actions I am begining to doubt that you are the CEO of anything much less geotrust.

Neal I think your ego can not handle the fact that a $44.95 certificate is comparable with your $119 and that is what is making you.

1. Run scared

2. Present your potentioal clients with false statements

3. Avoiding everyones questions that have been presented to you.

4. Loose market share

I think your marketshare will surely dwindle as SSL certificates become more of a commodity item.

I really think that the SSL market will splinter into.

1. SSL certificates being used for there intended purpose: encrypting data.

2. Identity assurance being a seperate issue.

Speaking of identity assurance. Even for a truebusinessid there is no measures taken to ensure the identity of the purchaser of the SSL certificate. Anyone wanting to get one can without the proper documentation to verify who they are. You know this and I know this, so you can stop using that as an exuse for the $229 price of the truebusinessid's.

Oh, why don't you try acting like the "CEO" that you say you are.

I think you may get a little more respect if you do.

Originally posted by GeoTrustCEO
prevo ---- a reseller program is a good idea for Freessl.com

Not bad...

By they way, if you just want a cert for ensim control panel freessl is the way to go.... why would you pay $45?

Neal

I got one from you for my second ensim server. I am awaiting the email to my admin account.

The cert is NOT free! After 3 months I would have to pay you $45 a year for it. Or could I just register again for another free 3 months?

On the topic of a free ssl certificate, you can pick one up here:

http://www.instantssl.com/products/trialssl.html

This is the exact same certificate that you will be using when you puchase your permanent one.

you can register for a new free 3 month cert now....

But I do think we just need to drop the payed part and make it free for a year.... will do that soon.

Neal

Tracy --

You are very touchy.....

I think this entire dialog very funny...

I do not take life to seriously -- and GeoTrust is doing great..

You should relax and calm yourself....

Neal

Originally posted by GeoTrustCEO
you can register for a new free 3 month cert now....

But I do think we just need to drop the payed part and make it free for a year.... will do that soon.

Neal

Ok, now after that year is up, do I have to pay then?

Or can I re-register for another year?

What the heck is all this about really? It is a F'ing SSL certificate, big F'ing deal.

Honestly the certificate is suppose to tell the customer that who they are dealing with is legit, but you know what, that don't happen no more.

Why can't people just make their own certs?

What is involved to do that? I'm not talking self-signed cert, I mean what does it take to make a cert and issue it?

Just stating the obvious and trying to clear the air of your "FUD"

For those that do not know, FUD stand for "Fear, Uncertaintity and Doubt".

Neal is trying to implant FUD into people that do not see his way as the only way.

Prevo --

are you that all the SSL cert providers should not be necessary?

Neal

Prevo,

I am a guy btw :-)

That is why I don't want to give neal a "little loving and group hugs" that he so desperatley wants.

Tracy I encourage folks to try our products both freessl and quickssl, VeriSign, Thawte and ssl4less....

let the market vote..

we just keep providing what our customers ask for( while making a reasonable profit and still providing excellent free products through freessl.com) -- that is our strategy..

Neal

Oh.. I was going to ask you out -- thought you were a woman and that we were hitting it off a little.

Neal

Originally posted by GeoTrustCEO
Prevo --

are you that all the SSL cert providers should not be necessary?

Neal

You know a cert is a cert, people can make self signed certificates to provide encryption.

The reason we need to buy a cert is to stop the errors from poping up and scaring the daylights out of customers.

The real reason in the beginning to "buy" a cert was so businesses could be verified, I mean really verified, not this send a email to "admin@domain.com" and get the cert approved.

So to ask if SSL providers are 100% necessary, I would have to say yes and no.

My ecommerce site has a Thawte cert, they wanted a copy of my business license.

These certs don't do any of that.

You can't verify a business by whois records, everyone knows that these can be forged.

So again, what are we actually paying for? To get a cert that most in likely is automated?

Here is what I feel.

Not every web site needs a certificate, so that leaves a good part of your customer base elimiated, seeing more and more sites are named based anyway. So that limits a cert company right off the bat. They have to charge a higher fee to operate, but I feel if it is 100% automatic, what cost do they honestly have?

I bet if certs dropped to $25 or even $20 a year, your sales would increase.

People would get them just to get them because they are then so cheap. Even dropping to $30 or $35 a year. Not quit a cut in half, but if you doubled the amount of certs sold you would be higher in sales. That is where you would then judge qantity over quality.

Something to really think about.

Wow, did I get everyone to shut up on this thread or what? :D

I'm still waiting for answers for my questions :P. But ohhh well.

Cool it ljprevo :D

Anyways, Neal I have been watching this thread and you are behaving like an arrogant child. You need to watch the way you reply. You don't answer the question your potential clients are asking, instead you are trying to bust your competitors.

Come'on.. I can think of you like a child who lost his feeder during a walk in the park :)


--Omair

Neal is just disappointed that he doesn't stand a chance with Tracy :D

Seriously now, Neal does come accross rather unprofessionally - he should remember he's representing a company and giving them a bad name - if he is the CEO, he should know better TBH :)

Hey --- I get back from a hard days work and this is what happens?

I do not have a chance with Tracy -- and ubergeek is now mad at me.... and Omair took my feeder.

Neal,

You're really an interesting guy in my opinion by judging your replies to this thread. Care to let me know why? :)

Cheers

Joe

Sure --- send me an email at nealc@geotrust.com --- lets chat.

I have to run for the day...

Neal

Originally posted by GeoTrustCEO
Yes -- lets just agree on something..

Freessl.com and InstantSSL are very comparable..
I agree, they are both useless.
By the way, Freessl.com certs represent the 4 largest certs concentration in the world.

The providers look like this by market share in order:

VeriSign
GeoTrust
Entrust
FreeSSL.com
TC Trust center
and then a bunch of small players..
:bawling:
Where are you getting your figures from? You'll notice that mine tell a different story.

Verisign 32.56%
Thawte 31.26%
Geotrust 10.96%
self_signed 5.92%
Entrust 1.34%
Tcl Trust center 0.16%

with the rest shared amongst hundreds of "so called" CAs.

Originally posted by Marshall

I agree, they are both useless.

Where are you getting your figures from? You'll notice that mine tell a different story.

Verisign 32.56%
Thawte 31.26%
Geotrust 10.96%
self_signed 5.92%
Entrust 1.34%
Tcl Trust center 0.16%

with the rest shared amongst hundreds of "so called" CAs.


I think he was combining Verisign and Thawte....

So that comes out close...

He claimed that Freessl.com certs represent the 4th largest certs concentration in the world, hence my question.

Originally posted by GeoTrustCEO
I really do not like it when the competition plants remarks on this board --- it is so obvious....

But hey --- it is a free country.... People can use silly tactics...

Kinda makes me really, really... well laugh....

:stickout

Don't forget the customers always right! Why don't you just answer the questions?

Originally posted by ghost


Don't forget the customers always right! Why don't you just answer the questions?

This isn't an advertising section.. He really can't....

I ordered a freeSSL.com this morning and still don't have my cert, so it is not very instant is it.

Originally posted by GeoTrustCEO
Tracy --

You are very touchy.....

I think this entire dialog very funny...

I do not take life to seriously -- and GeoTrust is doing great..

You should relax and calm yourself....

Neal

Is it true that you have just laid of a number of staff

Originally posted by GeoTrustCEO
Stop trying so hard -- if you want cheap certs -- go to freessl.com.... very comparable to instanssl and without multiple chains.. FreeSSL is in both IE and Netscape....

instead of paying 45 bucks at Tracy's site......

:stickout

Tracy --- why dont you provide your certs for free as well.....

then we can all love eachother...

You stated that FreeSSL is compatible with Netscape, but you are not.

Netscape 4.7 - Has NO COMPATIBILITY
Netscape 6.2 - Has NO COMPATIBILITY
Netscape 7.0 - Has NO COMPATIBILITY

Are you sure you are the GeoTrustCEO, as I thought you would know this.

Originally posted by robert nel


You stated that FreeSSL is compatible with Netscape, but you are not.

Netscape 4.7 - Has NO COMPATIBILITY
Netscape 6.2 - Has NO COMPATIBILITY
Netscape 7.0 - Has NO COMPATIBILITY

Are you sure you are the GeoTrustCEO, as I thought you would know this.

I agree with you Robert, at the very bottom of their FAQ

http://freessl.com/freeSSLfaqs.htm

Will FreeSSL be compatible with more Web browsers in the future?
FreeSSL will soon be compatible with additional browsers like Netscape.

So by this FAQ are they saying that they are not compatible with Netscape? Guess a test is needed.

Might be out of scope but just wanted to say we ordered a cert from GeoTrust (Through RackShack) and the entire process was completed in 10 minutes flat.

We have ordered certs before and its one big nightmare for international clients. Especially if you live in India.

FreeSSL certs are issued by UTN-USERFirst-Network Applications which has NO Netscape compatibility.

Neal from GeoTrust has been stating on these forums that they are compatible.

Neal would you care to clarify your mis statements about FreeSSL on your freessl.com website?

For instance: FreeSSL is not comparable whatsoever to InstantSSL regarding ubiquity NOR validation. InstantSSL does not have a multiple chain issue... they now only have with ONE intermediate:

Root > Comodo > End Entity

Neal if you refuse to make these changes how can GeoTrust be trusted as a CA for anything?

Originally posted by Weberz
........InstantSSL does not have a multiple chain issue... they now only have with ONE intermediate:

Root > Comodo > End Entity
Of course it does. You obviously are out of your depth.

Originally posted by Marshall

Of course it does. You obviously are out of your depth.


you really haven't got a clue, have you Marshall the Geotrustguy

Verisign does exactly the same thing:

Verisignroot>VerisignIntermediatery>End entity

check out
https://banking.wellsfargo.com

in case if Marshall the Geotrust Guy doesn't know how to check an SSL certificate, Marshall double click on that yellow padlock on your browser and click on the tab called "certification path" there you will see that verisign is doing the exactly same thing as instantssl issuing an end entity certificate using an intermediatery certificate!

or do you now claim Verisign doesn't know what they are talking about too??

What do you mean what is that Yellow padlock for Marshall?

Its the SSL indicator Marshall ;)

(sorry couldn't resist :D )

Group hug everyone, its Geotrust!!!!!

Hosty:cool:

Originally posted by robert nel


Is it true that you have just laid of a number of staff

Yes a friend on the inside indicated that GeoTrust just let go their head of sales, a couple of engineers and a marketing person. July 1st they also had layoffs with 4 or 5 employees let go.

Well now I'm flummoxed.
I too was trying to decide which CA I should use to resell SSL certificates.
I was initially thinking of GeoTrust.
Whats confusing me most (being a newie), is that people are asking direct questions about GeoTrust certificates and the replies are sadly lacking. Someone has pointed out that the forum rules don't allow for GeoTrust to reply. This would be construed as marketing and is disallowed in this forum?

It seems to me the difference in the industry is issue of trust and insurance? Correct me if I'm wrong.
Basically the more you pay for the certificate the more likely it is the CA has properly ID the company requesting a certificate.

Also the more you pay, the more your connection is guaranteed to be secure, and if it's broken you can claim against the CA?
Sounds like a pretty hard thing to prove.

Seems to me the solution is to offer SSL from multiple CAs and sign up as a reseller for all.

For the comments on FreeSSL...

FreeSSL is in Netscape 7.0 production and IE 5.01.... very strong for a free product. It you want a cheap cert it is clearly a great option (probably the best).

Also, we will be switching out FreeSSL to a making substantial changes to freessl over the next few weeks. I think today it will be free for one year going forward..... we received that suggestion off of WHT....

Regards,

Neal

Originally posted by ThomasB
Well now I'm flummoxed.
I too was trying to decide which CA I should use to resell SSL certificates.
I was initially thinking of GeoTrust.
Whats confusing me most (being a newie), is that people are asking direct questions about GeoTrust certificates and the replies are sadly lacking. Someone has pointed out that the forum rules don't allow for GeoTrust to reply. This would be construed as marketing and is disallowed in this forum?

It seems to me the difference in the industry is issue of trust and insurance? Correct me if I'm wrong.
Basically the more you pay for the certificate the more likely it is the CA has properly ID the company requesting a certificate.

Also the more you pay, the more your connection is guaranteed to be secure, and if it's broken you can claim against the CA?
Sounds like a pretty hard thing to prove.

Seems to me the solution is to offer SSL from multiple CAs and sign up as a reseller for all.


Let me share my thoughts on SSL market and Providers, I know it can be very confusing:bawling:

There are certain elements to look for:
1)Browser coverage: Anything less than 99% is not worth spending money on. Imagine, all you have to loose one customer and this wipes off the saving you have made going for cheap solutions like Geotrust.
The best browser coverage of 99% is only offered by the following companies:
1)Verising, 2)Thawte, 3)Baltimore, 4)Entrust, 5)InstantSSL(Comodo)(they use Baltimore root, hence 99% trusted).
Please be aware that Windows 98 does NOT trust Geotrust Certificates. This, irrespective of what Geotrust marketing machine says is a huge market and I would strongly dispute their 90% coverage. Its more like 75%-85% coverage as there will be lots of Win98 users who have not upgraded and still does not trust Geotrust certs.
2)Validation: rightly or wrongly SSL certs (the yellow padlock) is associated with two things by the user: a)the communication is secure, b)the company who owns the website is authentic (because the end user relies on the SSL provider to check the company before they issue the SSL cert). The only company who don't offer validation is Geotrust. I symphatise with Geotrust, but what they are doing is dangerous and the trust people place on that yellow padlock (rightly or wrongly this is what people do) is going to be diminished thanks to Geotrust

3)Issuance speed: how quick you can get your cert. There are two companies who can offer this: Geotrust and InstantSSL. But the difference is InstantSSL offer this with validation

4)Warranties for Validation: Companies like Thawte who do the validation of the companies, they do not offer Warranties. This becomes useless for the end user as they have no recourse if something went wrong. So, Their lack of warranty invalidates their authentication process.

5)SiteSeals etc: They all offer siteseals etc some better than the others, this depends on your taste ;)

On the case of Geotrust not answering, its BS that they can't respond on this forum. Its just that they don't have an answer to the questions: The question asked had nothing to do marketing their own products but the garbage they throw about their competition which they cannot back up. Check out the questions and you will know what I mean.

A bit of history: Verisign first started selling SSL, they got big, a cheaper competitor came along called Thawte. Verisign bought them. Then Geotrust came to market last september hoping to be cheapest, but they have browser compatibility problems and instantssl launched charging less than half. This made instantssl as the leader in cost effective solution provider as Geotrust had many weakness:
a)They charge 2.5times more (hence can't be called the most cost effective)
b)their browser coverage is not good enough as people will get security warning if they have wind98
c)they do not validate the authenticity of companies

So, now people are asking the question: Why should I buy from Geotrust if I want a cost effective solution? They are not the cheapest, they don't offer best browser coverage, they don't validate and they are not the fastest in issuance. So, you could say that they have lost out to InstantSSL. They have been laying people off and one does not know how long more Geotrust is going to be around:(

Comodo people have put up a website called www.whichssl.com and have outlined, in my opinion, some decent facts. maybe worth a look for you, others in the forum thought it was useful.

hope the above helps

Hosty

Originally posted by ThomasB
..................
I was initially thinking of GeoTrust.
Whats confusing me most (being a newie), is that people are asking direct questions about GeoTrust certificates and the replies are sadly lacking. Someone has pointed out that the forum rules don't allow for GeoTrust to reply. This would be construed as marketing and is disallowed in this forum?
......

Well, its obvious from his replies that GeotrustCEO is reading this post:

Just to prove the point to ThomasB and the questions that Geotrust were avoiding were support questions and nothing to do marketing or even their own product. Geotrust has been engaging in Sh*t throwing exercise because instantssl folks have started taking a good chunk of their business. I will challange GeotrustCEO openly, again, and you will see that again he will NOT be able to answer the question because its a lie they have been telling their customers and they have no evidence:

So Neal (GeotrustCEO) here is the question again and this is an open challange against Geotrust lies:


You claim that instantssl suffer from alleged chain issue yet instantssl use exactly same chain structure as Verisign (check out https://banking.wellsfargo.com ) (check my previous postings for more details if you wish). Please tell the whole webhosting community what the problems are with Verisign and Instantssl certificates since they use exactly same chaining technique.

ThomasB, you will see that he will not answer this question as he has no answer as Verisign is using exactly same technique instantssl uses and Geotrust is LYING to its customers to get their business, otherwise telling the truth will lead their customers to instantssl. They are spreading their lies thru a website called freessl and everytime a customer questions them and says that they can get a better with instantssl they use freessl website to justify their lies and close the sale. This is unethical and lying to customers. Geotrust is really being slated by everyone in the ssl industry, Gartner have slated them Comodo is slating them Verisign is slating them because they don't offer validation etc.

So, again, nothing to do with whether they are allowed or not but simply that they can't answer it because they are a bunch of liars spreading lies about competition to gain business and this we find is unethical and its kinda strange to be in the trust business and lie thru you teeth:angry:


Hosty

Hosty ---

I think it is pretty obvious to everyone on this board who you work for....

You should spend more time focusing on building your company than the posts you make here.....

I have nothing against your company Comodo -- I wish you luck.

I will keep my comments directed at Hosts who have constructive comments and questions...

GeoTrust is a great, honest company.. that is why I am here under my own name and not "pretending" to be someone else.

Regards,

Neal

Neal,

why not answer the question he asked?

And no I dont work for InstantSSL :D

Originally posted by GeoTrustCEO
Hosty ---

I think it is pretty obvious to everyone on this board who you work for....

You should spend more time focusing on building your company than the posts you make here.....

I have nothing against your company Comodo -- I wish you luck.

I will keep my comments directed at Hosts who have constructive comments and questions...

GeoTrust is a great, honest company.. that is why I am here under my own name and not "pretending" to be someone else.

Regards,

Neal

Anyone who questions you becomes a Comodo guy. How convinient. You have escaped every question directly asked by Tracy ssl4less (used to be a Geotrust reseller) and many more people.

Still, why don't you answer the question? I think we all know why ;)

FYI: I have made it very clear on numerous occasions but here it is again my website www.giointernet.co.uk we are based in North West England (nr Manchester) and yes I support Manchester United.

Hosty

Originally posted by hosty


<snip>
They are spreading their lies thru a website called freessl and everytime a customer questions them and says that they can get a better with instantssl they use freessl website to justify their lies and close the sale. <snip>

Hosty

It is NOT a free SSL, it is a 3 month trial SSL!

I applied for a SSL there, so I could compared the 2 side by side and I never recieved my freessl, this was after I posted some issue against Geo.

Originally posted by Chris Marks
Instant SSL has a better verification system than Geo Trust...some people do look for that. As far as browser compatability...it really isn't any better or worse than Geo Trust. Search for Instant SSL on the forums...you'll find some good info about them. hth

considering that there are 700M internet users and geotrust being compatible with 95% and Instantssl with 99% (4% difference) this says to me that there are 28Million more people who trust InstantSSL than Geotrust. Now, I wouldn't like pay more than twice to Geotrust and give security warning messages to those 28Million people! Why do that at all? If Geotrust were charging $10 then maybe some people would take the risk (personally, loose 1 customer paying you $50 is all it takes to compensate for higher price SSL cert, but pay more than twice to be less compatible just doesn't make sense)

When you think about the whole internet the numbers get scary and realize how much you would be loosing out.

Hosty

Originally posted by hosty


So Neal (GeotrustCEO) here is the question again and this is an open challange against Geotrust lies:

You claim that instantssl suffer from alleged chain issue yet instantssl use exactly same chain structure as Verisign (check out https://banking.wellsfargo.com ) (check my previous postings for more details if you wish). Please tell the whole webhosting community what the problems are with Verisign and Instantssl certificates since they use exactly same chaining technique.

Hosty
In the words of Bruce Schneier*:

"since security of a chain is weaker than the weakest link, the RA+CA is less secure than either the RA or the CA, no matter how strong the CA or how good the contract with the CA."

This obviously does not apply to Verisign, because the RA and the CA happen to be the same company.


*The author of the Blowfish and Twofish encryption algorithms

Originally posted by Marshall

In the words of Bruce Schneier*:

"since security of a chain is weaker than the weakest link, the RA+CA is less secure than either the RA or the CA, no matter how strong the CA or how good the contract with the CA."

This obviously does not apply to Verisign, because the RA and the CA happen to be the same company.


*The author of the Blowfish and Twofish encryption algorithms

I am sorry I made you buy Bruce's book :stickout

Marshall (Geotrust Guy) I am glad that you agree 100% that Fressl is lying and there is no issues of chaining with browser as falsely claimed in your website freessl "certificate chaining that can cause issues with some browsers."

You stated in your website: "certificate chaining that can cause issues with some browsers."

We asked: Back it up, cos we know this is a lie

Geotrust never answered the demands of Webhosts and even Geotrust customers who openly asked GeotrustCEO to answer it in this forum. You could never answer this question because there is no answer to it, its pure and simple a LIE by GEOTRUST.

This is how Geotrust convinces its customers not to go to InstantSSL, by feeding them lies which they cannot back up.


Hosty

Originally posted by sslgeek


Yes a friend on the inside indicated that GeoTrust just let go their head of sales, a couple of engineers and a marketing person. July 1st they also had layoffs with 4 or 5 employees let go.

I wonder why Geotrust had to lay of their head of sales, and a couple of engineers, oops and a marketing person. Sorry and also employee layoffs in July. They must not be making enough profit as of there expensive prices.

Originally posted by hosty


Anyone who questions you becomes a Comodo guy. How convinient. You have escaped every question directly asked by Tracy ssl4less (used to be a Geotrust reseller) and many more people.

Still, why don't you answer the question? I think we all know why ;)

FYI: I have made it very clear on numerous occasions but here it is again my website www.giointernet.co.uk we are based in North West England (nr Manchester) and yes I support Manchester United.

Hosty

Hosty, I have looked back on these forums and must agree with you. Every question that you have asked him, he seems to have escaped by not answering it. I also looked back and found he wanted to arm wrestle someone at Comodo, this is a bit pathetic for a Geotrust CEO. I think that any certificates we need, we will be using InstantSSL as they now have a 99% browser compatability as well as the most cost effective prices out of all the companies that have been mentioned in this Forum. I dont like the way the GeoTrust CEO has been avoiding your questions, and this tells me there is something wrong with them.

Originally posted by hosty


I am sorry I made you buy Bruce's book :stickout

Marshall (Geotrust Guy) I am glad that you agree 100% that Fressl is lying and there is no issues of chaining with browser as falsely claimed in your website freessl "certificate chaining that can cause issues with some browsers."

Hosty
That's not what I said, please do not twist my words and confuse the uneducated more than yourself.
Bruces's words are clear and apply to instantssl only. In other words he's saying that freessl is more secure than Comodo.
That's a fact that you simply cannot argue with, the chaining issue regarding Instantssl is real.

Originally posted by Marshall

That's not what I said, please do not twist my words and confuse the uneducated more than yourself.
Bruces's words are clear and apply to instantssl only. In other words he's saying that freessl is more secure than Comodo.
That's a fact that you simply cannot argue with, the chaining issue regarding Instantssl is real.

So Marshall, tell us about the chaining issue if there really is one, OR are you going to keep the secret all to yourself.

Originally posted by Marshall

That's not what I said, please do not twist my words and confuse the uneducated more than yourself.
Bruces's words are clear and apply to instantssl only. In other words he's saying that freessl is more secure than Comodo.
That's a fact that you simply cannot argue with, the chaining issue regarding Instantssl is real.

You certainly are more naïve than I thought. You really haven’t got a clue about security Marshall (the geotrust guy) have you. Security is not about one element but is also where and how you store your root key, procedures to get access to it or use it to sign other keys with it and so on. It could be argued that because you access the root key more often if you signed with it directly, you are more susceptible to compromise it than accessing it only a few times during lifetime of the root key etc etc. Without knowing and analysing these elements and making the statements you have made blindly, the only conclusion I can come to is you are a "Security Expert Wannabe" working for a Deceitful Company called Geotrust that is why you don’t mind making these deceitful and at best utterly uninformed statements.

Anyway, You guys at geotrust are very good at trying to avoid the question by trying to change the subject. You have managed to avoid backing up the lies you have made on your website for a long time so far, yes lost our confidence and our business but hey what did you expect for lying?! However, we will not let you get away: We asked you the following question and expect a direct answer to it:

You stated in your website: "certificate chaining that can cause issues with some browsers."

We asked: Back it up by telling us which browser has issue with it and what these issues are?

So, please answer the question simply by telling us which browsers have problem with “certificate chaining” that Verisign and InstantSSL use since they both use same chaining technique and what these problems are. Rather than your pathetic attempts at trying to read cryptography books and come up with even more garbage! I will repeat again:

You claim that “Certificate chaining causes issues with browsers”, tell us which browsers these are and tell us what the problems are.

Another point, while I have got you Marshall (the Geotrust guy): Please answer as to why you claim that your certificates: Ensures the identity of a remote computer, in your certificates even though you do not validate the companies (something your company clearly states). This will make the end customers trust ssl certificates on a website believing that you have validated the company’s identity and conduct commerce with them, they could be conducting business for fraudster and they wouldn’t know because you lie in your SSL cert about what you do as well. Do you realise that this will put your customers who use your Certificate in a difficult situation because, effectively, they are participating in your lies and deceit by displaying that misleading message in the certificate!

Let me summarise it again Marshall (the Geotrustguy and GeotrustCEO)

1)Back up your statement about: "certificate chaining that can cause issues with some browsers." And tell us which browser has problems with it and what these problems are

2)Tell us why you put lies in the certificates you issue about pretending that you have validated the company identity: your certificates say:”Ensures the identity of a remote computer” just like a fully validated Verisign certificate.

Hosty

Originally posted by hosty

Mostly garbage

Hosty
There is no need for sarcasm or false accusations, all I said was that Instantssl is not fit for business.
For obvious reasons, I cannot answer Geotrust's specific questions, but I can assure you that they are doing just great judging by the latest surveys (http://www.securityspace.com/s_survey/sdata/200208/certca.html).
If Comodo had any business acumen, they wouldn't of incorporated their company in the UK where the activities of the CAs are subject to legislations such as the RIP act (rightful interception).
The bottom line is there are only few CAs that should be considered for e-commerce and Comodo is not one them. If you have a hobby site or need a certificate for your "control panels", Freessl is great.

Originally posted by Marshall

There is no need for sarcasm or false accusations, all I said was that Instantssl is not fit for business.
For obvious reasons, I cannot answer Geotrust's specific questions, but I can assure you that they are doing just great judging by the latest surveys (http://www.securityspace.com/s_survey/sdata/200208/certca.html).
If Comodo had any business acumen, they wouldn't of incorporated their company in the UK where the activities of the CAs are subject to legislations such as the RIP act (rightful interception).
The bottom line is there are only few CAs that should be considered for e-commerce and Comodo is not one them. If you have a hobby site or need a certificate for your "control panels", Freessl is great.

just answer the question Marshall (the geotrust guy)

here they are again;)

1)Back up your statement about : "certificate chaining that can cause issues with some browsers." And tell us which browser has problems with it and what these problems are

2)Tell us why you put lies in your SSL certificates you issue about pretending that you have validated the company identity: your certificates say:”Ensures the identity of a remote computer” just like a fully validated Verisign certificate.

just the answers will do thanks.

hosty

Originally posted by hosty


just answer the question Marshall (the geotrust guy)

here they are again;)

1)Back up your statement about : "certificate chaining that can cause issues with some browsers." And tell us which browser has problems with it and what these problems are

2)Tell us why you put lies in your SSL certificates you issue about pretending that you have validated the company identity: your certificates say:”Ensures the identity of a remote computer” just like a fully validated Verisign certificate.

just the answers will do thanks.

hosty

as everyone can see, I think I have made my point:

Geotrust is a company who spread deceitful lies. When confronted about their lies they can't answer the questions.

Subject closed :cool:

Hosty

I had missed this thread and just had a chance to read trough it.

As in most other market segments, marketing hype is often the only differentiating factor between similarly featured products that sell for for substantially different prices.

What's the difference in functionality between domains registered with Network Solutions (Verisign) for $35 and domains registered with GoDaddy for $9? None.

In the case of SSL two things are obvious:

1. There is no objectively justifiable reason to buy the more expensive Geotrust, Verisign or Thawte certs.

2. The attitude of the Geotrust CEO is alone sufficient to undo millions of dollars worth of marketing efforts. Should be a case study.