Results 1 to 33 of 33
  1. #1

    different kinds of SSL certificate?

    I want to buy an SSL certificate for my international web site.
    I found that SSL cert. from versign cost about US$1500,
    however, those from namecheap.com cost about US$20,

    What are the difference between these certificates?
    I am confused and googling just cannot answer my question.
    Thanks if anyone can help.

  2. #2
    Join Date
    Sep 2003
    Posts
    3,854
    Quote Originally Posted by eroy4u View Post
    What are the difference between these certificates?
    I am confused and googling just cannot answer my question.
    Thanks if anyone can help.
    SSL's from an issuer performs two functions:
    - Verification
    - Security

    The main difference is the level of verification performed. Higher SSL certificates usually have more verification performed and thus more consumer confidence. Sometimes throwing in a site seal as well.

    In terms of encryption and security, a $1500 cert will be just as effective as a $10 cert or a free self signed cert.
    InnoHosting, Performance Web Hosting || US: 1-888-522-INNO UK: 0800 612 8075
    Web Hosting - Virtual Servers - Managed Servers - Application Hosting
    Reseller Hosting with WHMCS & Preloaded KB | SSL | activGuard | End User Support
    LiteSpeed / CloudLinux / Idera Backups / True 24x7 Support / 10+ Years in Business

  3. #3
    In terms of encryption and security, a $1500 cert will be just as effective as a $10 cert or a free self signed cert.
    So you mean that getting a RapidSSL or a free self signed SSL is the same thing? The security and encryption is the same?

  4. #4
    Join Date
    Sep 2003
    Posts
    3,854
    Quote Originally Posted by ashish1987 View Post
    So you mean that getting a RapidSSL or a free self signed SSL is the same thing? The security and encryption is the same?
    Yes pretty much (encryption wise)
    InnoHosting, Performance Web Hosting || US: 1-888-522-INNO UK: 0800 612 8075
    Web Hosting - Virtual Servers - Managed Servers - Application Hosting
    Reseller Hosting with WHMCS & Preloaded KB | SSL | activGuard | End User Support
    LiteSpeed / CloudLinux / Idera Backups / True 24x7 Support / 10+ Years in Business

  5. #5
    Quote Originally Posted by IH-Rameen View Post
    In terms of encryption and security, a $1500 cert will be just as effective as a $10 cert or a free self signed cert.
    This is not completely true. Some of the more expensive certificates utilise SGC which provides step up encryption to a minimum of 128-bit whereas the cheaper certificates may only connect at 40-bit depending on the server/browser/OS combination.

    It really depends on the level of encryption you require as to wether this matters.
    Andy
    Resell SSL Certificates - API / WHMCS / HostBill / ClientExec
    Servertastic - RapidSSL, Geotrust, Thawte, Symantec, SmarterTools and more

  6. #6
    Join Date
    Sep 2003
    Posts
    3,854
    Quote Originally Posted by AGUK View Post
    This is not completely true. Some of the more expensive certificates utilise SGC which provides step up encryption to a minimum of 128-bit whereas the cheaper certificates may only connect at 40-bit depending on the server/browser/OS combination.

    It really depends on the level of encryption you require as to wether this matters.
    A RapidSSL cert is 128bit, you can generate a self signed cert with 256 bits.. A RapidSSL can be found as cheap as $8, and self signed is free.. Or am I missing something here?
    InnoHosting, Performance Web Hosting || US: 1-888-522-INNO UK: 0800 612 8075
    Web Hosting - Virtual Servers - Managed Servers - Application Hosting
    Reseller Hosting with WHMCS & Preloaded KB | SSL | activGuard | End User Support
    LiteSpeed / CloudLinux / Idera Backups / True 24x7 Support / 10+ Years in Business

  7. #7
    Quote Originally Posted by IH-Rameen View Post
    A RapidSSL cert is 128bit, you can generate a self signed cert with 256 bits.. A RapidSSL can be found as cheap as $8, and self signed is free.. Or am I missing something here?
    So a 256 bit self signed is better than a $20 RapidSSL ?
    Or is it that people buy the expensive SSL vertificated only so that their visitors feel lil more secure?

  8. #8
    Quote Originally Posted by IH-Rameen View Post
    SSL's from an issuer performs two functions:
    - Verification
    - Security

    The main difference is the level of verification performed. Higher SSL certificates usually have more verification performed and thus more consumer confidence. Sometimes throwing in a site seal as well.

    In terms of encryption and security, a $1500 cert will be just as effective as a $10 cert or a free self signed cert.
    Thanks. what are the differences in what customers see when they come to my web site?

  9. #9
    Join Date
    Sep 2003
    Posts
    3,854
    Quote Originally Posted by ashish1987 View Post
    So a 256 bit self signed is better than a $20 RapidSSL ?
    Or is it that people buy the expensive SSL vertificated only so that their visitors feel lil more secure?
    No not necessarily. Like I said, an SSL has two functions. You lose the verification aspect with a self signed cert as you generate it yourself. The client will also see a warning message triggered by the browser alerting the user that the certificate is self signed.

    You won't need more than 128bits. 128bits is good enough.
    InnoHosting, Performance Web Hosting || US: 1-888-522-INNO UK: 0800 612 8075
    Web Hosting - Virtual Servers - Managed Servers - Application Hosting
    Reseller Hosting with WHMCS & Preloaded KB | SSL | activGuard | End User Support
    LiteSpeed / CloudLinux / Idera Backups / True 24x7 Support / 10+ Years in Business

  10. #10
    Quote Originally Posted by ashish1987 View Post
    So a 256 bit self signed is better than a $20 RapidSSL ?
    Or is it that people buy the expensive SSL vertificated only so that their visitors feel lil more secure?
    What is 'better'? Encryption is only half the purpose. From a business standpoint it may be more important to give the visitor a sense of security. The average visitor may not know the extra validation required to obtain the more expensive certificate or even bother to review the cert but to a business it might be a detail they do not want to overlook in case they are subjected to a critical review or if they are soliciting investors.

  11. #11
    So WHich one is better to get from godaddy? Standard, delux or premium?

  12. #12
    Well thank you for your answers. I was on my way to buy the RapidSSL. Tell me which is better. RapidSSL or standard from Godaddy?
    And where can I get RapidSSL at the best prices?

  13. #13
    Quote Originally Posted by IH-Rameen View Post
    A RapidSSL cert is 128bit, you can generate a self signed cert with 256 bits.. A RapidSSL can be found as cheap as $8, and self signed is free.. Or am I missing something here?
    Yes a RapidSSL cert is 128-bit but this is not the minimum encryption it offers. If the user is using an older browser or the OS is an older Windows 2000 system for example then RapidSSL will likely only offer 40-bit encryption. This situation may be very rare however so you need to decide on how important this is to you.

    Whereas a certificate with SGC automatically steps up the encryption to be a minimum of 128-bit.

    Again it depends on the usage of the certificate. If it is for an admin area where you know everyone is using the latest browser then it may not be a problem. If it is for an e-commerce application where you really need the strongest encryption possible but you can not ensure everyone is using the latest browsers then an SGC cert may be better for you.
    Andy
    Resell SSL Certificates - API / WHMCS / HostBill / ClientExec
    Servertastic - RapidSSL, Geotrust, Thawte, Symantec, SmarterTools and more

  14. #14
    Quote Originally Posted by deepman007 View Post
    So WHich one is better to get from godaddy? Standard, delux or premium?
    You need to be specific as to the purpose of your certificate. Not all certificates are suitable for all situations.
    Andy
    Resell SSL Certificates - API / WHMCS / HostBill / ClientExec
    Servertastic - RapidSSL, Geotrust, Thawte, Symantec, SmarterTools and more

  15. #15
    Join Date
    Sep 2003
    Posts
    3,854
    Quote Originally Posted by AGUK View Post
    Yes a RapidSSL cert is 128-bit but this is not the minimum encryption it offers. If the user is using an older browser or the OS is an older Windows 2000 system for example then RapidSSL will likely only offer 40-bit encryption. This situation may be very rare however so you need to decide on how important this is to you.

    Whereas a certificate with SGC automatically steps up the encryption to be a minimum of 128-bit.

    Again it depends on the usage of the certificate. If it is for an admin area where you know everyone is using the latest browser then it may not be a problem. If it is for an e-commerce application where you really need the strongest encryption possible but you can not ensure everyone is using the latest browsers then an SGC cert may be better for you.
    Yep you're right, just read up on SGC - interesting stuff! Thanks for the info
    InnoHosting, Performance Web Hosting || US: 1-888-522-INNO UK: 0800 612 8075
    Web Hosting - Virtual Servers - Managed Servers - Application Hosting
    Reseller Hosting with WHMCS & Preloaded KB | SSL | activGuard | End User Support
    LiteSpeed / CloudLinux / Idera Backups / True 24x7 Support / 10+ Years in Business

  16. #16
    welcome
    can any bady tell me how I can create a self SSL 128-bits ? to use in CPanel / WHM

  17. #17
    Thanks. Can anyone tell me, when customers come to my web sites, will they know whether I use a expensive or a cheap SSL cert?

  18. #18
    Join Date
    Apr 2002
    Posts
    930
    You need to define what the purpose of having a certificate is.

    If you are selling something or in a situation where you are presenting your website to people that do not know you and do not have any type of business relationship with you, then you will want a purchased certificate. Now the question becomes, how reputable do you want to appear? The different levels of certificates mainly have to do with how much back tracing a visitor can do. Are you a real business or just someone out to scam someone? I'm not all that educated with the various degrees of certificates, but I suspect the more expensive are meant to make visitors feel more comfortable knowing that the certificate authorizer has verified that you are a real business. But as someone has mentioned, when was the last time you really checked that information out on someone? But again it is personal preference. If you are doing business with people that do not know you or have a relationship with you, then you definitely want a purchased certificate, even if it is a cheap RapidSSL certificate.

    Now if you are dealing in a situation where the visitors know you, maybe they are already customers of yours or you can otherwise communicate with them and all you are interested in is the encryption aspect of a secure certificate, then just use a self-signed certificate. A self-signed certificate is going to pop up in the browser saying that the browser does not recognize this certificate. This is why you don't want to use a self-signed certificate in a situation when you are dealing with new customers or people that do not know you. This will serve as a red flag for them. However if you are dealing with people that are already your customers or know you, you can simply tell them "You will see a certificate warning pop up when you access this page, this is fine and safe, it is just a self-signed certificate being used so that the form will be encrypted" or something to that affect.

  19. #19
    Join Date
    Apr 2002
    Posts
    930
    Quote Originally Posted by LayeredSoft View Post
    welcome
    can any bady tell me how I can create a self SSL 128-bits ? to use in CPanel / WHM
    In your WHM click the link for Generate a SSL Certificate and Signing Request fill this out just as you would for generating a CSR for a purchased certificate. When you click create you will see three sections a CSR (Certificate Signing Request), Private Key, and Self-Signed CRT. Copy the CRT and click the Install a SSL Certificate and Setup the Domain link and paste the certificate into the top box. It should automatically fill out the private key and domain information.

    One thing to note, a domain name that uses a certificate really needs its own IP address, so if you haven't already given the domain in question a dedicated IP, you might do that before you generate a self-signed certificate. There's nothing to stop you from installing one on a shared IP, just only one certificate can be installed per IP.

  20. #20
    that was intresting
    thanks alot

    but this make me sad
    The CA is not trusted ! why IE give that error and how we can prevent it !

    Oh no ! look what FireFox says :

    Secure Connection Failed

    www.-.com uses an invalid security certificate.
    The certificate is not trusted because it is self signed.
    (Error code: sec_error_untrusted_issuer)

    * This could be a problem with the server's configuration, or it could be someone trying to impersonate the server.
    * If you have connected to this server successfully in the past, the error may be temporary, and you can try again later.
    Or you can add an exception…

  21. #21
    Join Date
    Apr 2002
    Posts
    930
    Quote Originally Posted by LayeredSoft View Post
    The CA is not trusted ! why IE give that error and how we can prevent it !
    Did you purchase a certificate? The certificate may have a CA bundle that ties it to recognized certificates. Did you install that?

    If you are referring to a self-signed certificate, this is the error message that is going to be presented because self-signed certificates are not issued by an authorized certificate maker (though the encryption still functions).

    Another thing to note, make sure you are using the hostname that you used when you generated the CSR. I know a lot of times people will order a certificate for domain.com and then try to access it by going to https://www.domain.com. This won't work, the hostnames have to match exactly, you would have to use https://domain.com.

  22. #22
    I installed a self-signed crt
    so no idea to prevent this message ?

    I install it with www.domain.com

    another question ! :
    the SSL crt can prevent site to get hacked ?
    Thanks

  23. #23
    Join Date
    Apr 2002
    Posts
    930
    Is the site not working at all?

    The security warning popup is normal for a self-signed certificate, there's no way around it (you can accept it in your browser's certificate repository to make the warning go away for your browser, but that only affects your browser).

    You should be able to accept the certificate, either permanently (adding it to the browser repository) or for that session only (you will be prompted again when you close your browser and restart it going to that site) and you should be able to continue on accessing the site securely.

  24. #24
    OK Thanks alot

  25. #25
    Quote Originally Posted by LayeredSoft View Post
    the SSL crt can prevent site to get hacked ?
    Thanks
    No it can't. If the site is poorly coded or the server is insecure then it could still be hacked.
    Andy
    Resell SSL Certificates - API / WHMCS / HostBill / ClientExec
    Servertastic - RapidSSL, Geotrust, Thawte, Symantec, SmarterTools and more

  26. #26
    Sorry to ask again but I didn't get the answer. Can anyone tell me, when customers come to my web sites, will they know whether I use a expensive or a cheap SSL cert?

  27. #27
    Quote Originally Posted by eroy4u View Post
    Sorry to ask again but I didn't get the answer. Can anyone tell me, when customers come to my web sites, will they know whether I use a expensive or a cheap SSL cert?
    If they know what they are looking for then yes.

    If you use an EV (Extended Validation) certificate then users with IE7 / Vista and soon to be FireFox will see the address bar go green.

    If you get a company validated certificate then additionally your company name will appear within the certificate when the user clicks on the padlock. With Opera/IE7 the company name will be dsplayed next to the padlock.

    Certificates that are just domain validated will state this when you view the certificate.
    Andy
    Resell SSL Certificates - API / WHMCS / HostBill / ClientExec
    Servertastic - RapidSSL, Geotrust, Thawte, Symantec, SmarterTools and more

  28. #28
    Im trying to get an SSL for my E-commerce site, but the thing is I use paypal to accept peoples payment. I need an SSL because buyers has to fill out the form or creating an account, but there's no Credit card info stored on the site. So, should I get a standard SSL, delux or premium ssl from godaddy? or any other suggestions?

    Thank you

  29. #29
    My personal suggestion is if you are selling e-commerce then go for the EV certificate (Premium).

    Even less savy users are able to distinguish when the address bar goes green and it can increase sales.

    We installed a VeriSign EV certificate on our site and sales have definately increased from cold visitors.
    Andy
    Resell SSL Certificates - API / WHMCS / HostBill / ClientExec
    Servertastic - RapidSSL, Geotrust, Thawte, Symantec, SmarterTools and more

  30. #30
    I cant afford at that price! Any cheaper ones that can be recognized by most browsers and users?

  31. #31
    Quote Originally Posted by deepman007 View Post
    I cant afford at that price! Any cheaper ones that can be recognized by most browsers and users?
    Get the cheaper one then. My only point is if you want to encourage people to part with their cash an EV certificate can give a better image.
    Andy
    Resell SSL Certificates - API / WHMCS / HostBill / ClientExec
    Servertastic - RapidSSL, Geotrust, Thawte, Symantec, SmarterTools and more

  32. #32
    Join Date
    Dec 2002
    Location
    USA
    Posts
    337
    Godaddy has a special for AES-256 Standard SSL certificate with a site seal for $14.99 a year.

    Take a look at this chart for price/service comparisons.

    https://www.godaddy.com/gdshop/ssl/s...pp%5Fhdr=#tabs

  33. #33
    I guess Standard SSL will do right ? Also, If it expires, do i have to get a new ssl or i can renew and don't have to reinstall it again ?

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •