Hi guys!

I need a little bit of help here.

I need to know what GeoTrust, Comodo and Verisign has.

I need to know what they have in similarities.

Example: Is RapidSSL from GeoTrust the same as InstantSSL from Comodo?

That's the kind of information I'm looking for, all the way down to the Business level, as I haven't been able to find anything that tells me what is the equivalent version from each listed vendor above to each other's products.

As long as there is 256 bit encryption, there isn't any difference but the name, which I see no difference in going with someone expensive like Verisign vs someone cheaper like Godaddy. However, they have put up a comparison page on their site: http://www.godaddy.com/gdshop/ssl/ssl.asp?ci=9039 Click on the compare our competition tab on the page for the chart.

Curtis

Curtis,

I'm not asking for a comparison.

I'm asking what is the equivalent name for GeoTrust's RapidSSL.

RapidSSL and InstantSSL, at least, in name, seems to be basically the same thing. That's the kind of information I'm looking for.

What is the equivalent to the name? I'm not looking for equivalency behind the technology. That's not what I want.

(I couldn't use the quote function. WTF?!)

Generally speaking, SSL certificates listed at $9-25 a year are all the same.

Gotmerchant is also technically wrong about all SSL certificates being the same other than encryption. Some SSL certificates come with further validation of a business. What a lot of people miss is that although cardholder data is protected through transport by encryption, it doesn't mean that the receiving end is not malicious.

That is not the point of SSL, to filter out malicious businesses. SSL's job is simply to transmit the information from their browser to the receiving party SECURELY. If the business is legitimate, that is a whole another topic and not the responsibility of an SSL certificate.

The must used purpose of SSL is to protect the data of consumers. The security of the consumer's data is of utmost importance to the consumer, correct? Then is it not important to ensure that the cardholder data reaches a business and not some individual who'll take off with your cash and your details?

Whilst it's a low threat, it still exists. The smaller usage of SSL is for encryption of login credentials unrelated to financial activity - which is fine and I absolutely agree with you in this respect regarding your prior statement.

A lot of things become more than they were intended to be, not just SSL.

That is not the point of SSL, to filter out malicious businesses. SSL's job is simply to transmit the information from their browser to the receiving party SECURELY. If the business is legitimate, that is a whole another topic and not the responsibility of an SSL certificate.

Actually SSL verification is the point of filtering out malicious businesses. Most SSL companies though take the short cut and simply send an email to the company. Verisign SSL's require that you prove your physical location and business registration - this is probably why Verisign has a higher value in $ and trust terms.

That doesn't mean it is a good business, there isn't a way to know if the business is malicious and not have good intentions... All that can check out, but the owners can still be crooks.

Scammers won't typically spend time setting up corporation or LLC. Either will they spend a few hundred dollars on an SSL. They tend to last only 1-2 days and can't afford the overhead in time and money.

EV SSL's can use 2048 bit key.

That is not the point of SSL, to filter out malicious businesses. SSL's job is simply to transmit the information from their browser to the receiving party SECURELY. If the business is legitimate, that is a whole another topic and not the responsibility of an SSL certificate.

Exactly. But if you are handling financial transactions you need to get a Verisign certificate. It is what customers expect.

But Extended Validation SSL certificates are a boondoggle. Domain validated are a lot cheaper, and usability research has shown that customers don't know the difference.

EV SSL's can use 2048 bit key.

That's all about the CSR (Certificate Signing Request) you create. Normal domain validated Verisign certs accept 2048-bit public key for the CSR.

As goes GeoTrust (uses the old Equifax root).