SSL Madness
This week I’m purchasing an SSL certificate for Approver.com so we can secure our login page. Man, what a pain this is.
I have been going back and forth with Thawte for over a week now, trying to get a certificate that will do what we want to do. I originally bought their low-end product (what they call the "SSL123" certificate) only to find out that it doesn’t work with our configuration (Windows Server 2003 running IIS 6 with multiple sites using host headers). As soon as their tech support dudes figured out that they’d sold me the wrong kind of certificate, they routed me into a customer service black hole and now they won’t return my emails. I’m crossing Thawte off the list of companies I’ll do business with.
So I’m looking for another certificate vendor. I now know that I need what’s called a wildcard certificate, which is a little more expensive than a regular certificate, but allows you to host as many subdomains as you want using the same certificate. I found these vendors:
| Vendor | Product | Browser Compatibility | Price | Notes |
| --- | --- | --- | --- | --- |
| RapidSSL | RapidSSL Wildcard Certificate | "Around 99%": IE 5.01+, Netscape 4.7+, Mozilla 1+, Firefox 1+, AOL 5+, Safari | 199.00 | These guys also resell the GeoTrust True BusinessID product (for the same price as GeoTrust does) |
| GoDaddy | Turbo SSL Wildcard Certificate | "99% Browser Recognition" | 199.99 | Doesn’t seem like certificates are their main business |
| SSL.com | Comodo Premium Wildcard Certificate | "99.3% Browser Ubiquity" | 449.95 | These guys appear to be resellers — not sure how I feel about dealing with a middleman |
| Thawte | Thawte Wildcard Certificate | "Best in industry" | 799.00 | Having a very unfortunate customer service experience with them at the moment |
| GeoTrust | GeoTrust True BusinessID Wildcard | "99% ubiquity" | 995.00 | Spendy |
| Comodo | Enterprise SSL | "99.3% Browser Ubiquity" | 999.00 | Spendy |
This is crazy. There’s a 5X difference between the lowest and highest price for this product? Am I totally missing something here? Has anyone had any experience with these vendors? Would I be dumb to go with the $199 product?
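The wildcard coverage described in the post, as an added example that is not part of the original post or its comments: a wildcard name covers exactly one label to the left of the domain, so it does not cover the bare domain or deeper subdomains. The hostnames are constructed, the function names are hypothetical, and the matching is a simplified form of the RFC 6125 rules (no public-suffix or internationalized-name handling).

```python
# Added example: which hostnames does a wildcard certificate name cover?
# Simplified RFC 6125 matching; all hostnames are constructed samples.

def _labels(name):
    """Split a DNS name into lowercase labels, ignoring a trailing dot."""
    return name.rstrip(".").lower().split(".")


def name_matches(cert_name, hostname):
    """Return True if cert_name (exact or '*.domain') covers hostname."""
    pattern, host = _labels(cert_name), _labels(hostname)
    # The wildcard stands for exactly one label, so label counts must agree.
    if len(pattern) != len(host) or "" in pattern or "" in host:
        return False
    if pattern[0] == "*":
        # Require at least two labels after the wildcard ('*.com' is rejected).
        if len(pattern) < 3 or any("*" in label for label in pattern[1:]):
            return False
        return pattern[1:] == host[1:]
    # Partial wildcards ('w*.example.com') and wildcards in other positions
    # are not accepted here.
    if any("*" in label for label in pattern):
        return False
    return pattern == host


def uncovered_hosts(cert_names, hostnames):
    """Return the hostnames that none of the certificate names cover."""
    return [h for h in hostnames
            if not any(name_matches(n, h) for n in cert_names)]


# Constructed list of sites served from one IIS box via host headers.
SITES = [
    "www.example.com",
    "login.example.com",
    "example.com",            # bare domain: not covered by '*.example.com'
    "dev.login.example.com",  # two labels deep: not covered either
]

if __name__ == "__main__":
    for names in (["*.example.com"], ["*.example.com", "example.com"]):
        print(names, "leaves uncovered:", uncovered_hosts(names, SITES))
```

Running the same check over the names listed in a vendor's certificate before purchase shows whether the bare domain needs to be added as a separate name.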
I ran into this kinda thing just a few months back and still haven’t pulled the trigger on a wildcard cert.
Check out GoDaddy. They seemed to explain the diffs in price rather well. Mostly it’s about encryption levels and about the depth of research in validating the cert buyer.
Hm, at $300/yr GoDaddy is cheap but not the cheapest. What does RapidSSL know that they don’t?
One thing to consider is browser compatibility. The vendors above have probably been installed as CAs in browsers for varying amounts of time — so if you need to support really old or unpatched browsers it may limit your choices.
Wait, looks like I got their pricing wrong, it does look like GoDaddy has a wildcard cert for $199/year. Let me review in more depth and I’ll update my chart.
They charge “market pricing” . . . aside from overhead, issuing certs doesn’t really cost them anything.
I’ve done the Comodo before–worked just fine. Are you sure you actually need a WildCard cert? I don’t know for Thawte but I could easily imagine a cert provider hustling you into a more expensive certificate for “technical support” . . .
Feel free to drop me an e-mail if you’d like to kibitz.
Cheers,
-danny
You do need a wildcard cert if you want to secure multiple subdomains. The question is, do you actually need to secure multiple subdomains? If you’re only using one subdomain under SSL, you shouldn’t need a wildcard cert.
I will say that you want your cert provider to stay in business, and you want them to run a high-performance network. There’s a protocol called OCSP that the browsers use to verify the validity of certificates, and if your cert provider is not servicing requests under this protocol quickly, it can introduce latency or deny users access to your site. I’ve heard anecdotal stories of low-cost cert providers having issues with this, although those stories don’t reference specific vendors. This would make me hesitate to buy a cert from a company I’ve never heard of.
Issuing certs doesn’t cost anything, but they have to maintain them, since each time a user establishes a secure connection to your web site they have to ping the certificate authority to validate the certificate, so there is a cost there.
That said, the cost is obviously extremely fungible if there’s a 5X difference between the low-end and high-end providers.
I updated my chart of providers and prices to add GoDaddy and include some more detail about browser compatibility. It looks like Thawte may be the winner in terms of browser compatibility but I don’t test the site against IE 3.0 (I don’t even test against IE 5 actually) so that benefit may be lost on me.
I wish it were possible to buy Comodo’s $450 wildcard certificate from them directly, but it doesn’t seem to be listed anywhere on their site.
Oh, duh, here it is: http://www.instantssl.com/ssl-certificate-products/addsupport/wildcard-ssl-premiumssl_wildcard.html
I have experience with both Thawte and GoDaddy. I have also installed the GoDaddy wildcard cert. The wildcard cert’s value really comes into play if you have multiple servers hosting multiple domains. You can buy one cert and install it on all the servers and still have a cert for all your subdomains. Very economical.
The only issue you may have is during the installation phase. The intermediate certificate installation is usually not understood or ignored, and then the cert does not work. It’s not GoDaddy’s fault, it’s the admins messing that up. Also, all modern browser versions support the GoDaddy cert through the intermediate cert.
I would suggest buying RapidSSL WildCard from http://www.rapidsslonline.com/
Great Price, Instantly Issued and Great Service Support.