    SSL browser compatibility

    I posted earlier about securing a Win2000 server with Thawte and after some more research I came across a few other companies that offer it. Since we actually have a contract with VeriSign for domain names, he is leaning to go towards that company.

    I have searched that site high and low for browser compatibility. Since this is a state government website, we want to make sure it's as secure yet compatible with at least 99% of the browsers out there. Any help on a link for their compatibility or a chart that gives other companies would be great. Thanks.

    I am not a complete expert on the subject, but here is some input:

    Some older browsers of 1995-97 vintage will perceive Thawte certificates as invalid because of the klunky way that they were programmed at that time. Arbitrary sunset dates were imposed on the entire CA, regardless of the validity dates on the actual certificate. Encryption would still work, but the browser could give some dire-sounding warnings that would scare an unsophisticated web surfer. I think the problem is limited to version 3 and lower. If this is 0.5% or 2% of the browsers still active is splitting hairs. It's not a lot.

    By the way, Verisign now owns Thawte, and recently raised Thawte prices quite a lot. The big difference seems to be only price, with Verisign costing $300 per domain. But if the taxpayers are paying, perhaps a couple hundred bucks matter less than the simplicity of your process.

    An intriguing new possibility is GeoTrust, apparently run by the credit reporting / data company Equifax. Those certificates can be had for only $50, but I don't know if they have compatibility issues. It would not be surprising if Microsoft and AOL, who control the browsers, would collaborate with Verisign to create a CA monopoly in return for some sort of kickback.

