Re: SSL Certificate Providers

When I used an SSLprovider a long while ago, I went for Thawte as they were much cheaper. I believe that they are now owned by Verisign and if they are still cheaper then I don't think Verisign is worth extra.

I did a quick check on Google and you might want to look at this link for a range of products, and there's some interesting (I think!) info here

Comment on Re: SSL Certificate Providers

Replies are listed 'Best First'.
Re: Re: SSL Certificate Providers by Anonymous Monk on Jul 14, 2003 at 07:36 UTC
Excellent Links! Thanks! :) I was actually thinking just a few hours ago about why a very low cost CA hadn't been setup using an open group approach. Does anyone have any experience with FreeSSL? 128-bit certificates for $35 that are compatible with 96% of browsers sounds almost too good to be true :) Thanks again :)	[reply]
Re: Re: Re: SSL Certificate Providers by mystik (Sexton) on Jul 14, 2003 at 13:09 UTC
The problem is that certificates are not just meaningless strings of bytes. You can make one right now, for free, using openssl. What your paying for is someone actually researching and verifying that you are who your say you are. And that they are willing to vouch for your identity. Your also paying for having their trusted root installed in a variety of SSL implementations, so you don't have to worry about establishing the base trust. Given Verisign's problems w/ DNS, and a very high-profile case where they accidentally gave out a cert that was identified a non-MS'er as Microsoft Corperation, I'd stay away from them. Thawte, which I believe is still owned in part by verisign, seems to still be managed by themselves. Outside of Verisign & Thawte, there unfortunatly arn't that many providers that share that wide installed base as them.	[reply]