Not all SSL certificates are the same, here is a rough round-up of differences:
Verification Levels
There are three basic levels of verification: domain only, domain and business, and domain business and identity of representative. Domain only is actually quite weak authentication when you think about it, it doesn’t prove you are who you say you are or that you have the right to use the brand. However to most end-users they won’t know the difference and they will see the locked icon. Domain and business is what is typically provided, and they normally require something trivial like a corporate credit card to verify you are the business in question.
Extended Verification is the new standard that requires extra steps by the CA to verify you are actually who you say you are and are the legal entity allowed to trade under that name. See wikipedia’s entry for more details. In Firefox an EV certificate will show as a Green box slightly to the left of the URL itself with the company name.
Indemnity
Each SSL provider will give different Indemnity insurance should you someone else fraudulently either use your certificate or your domain coming from the same CA. I think its very rare that people actually need to go down this path
Coverage across browsers
Typically all major SSL providers will be supported on all major OSes out of the box straight away. Some may require you to serve an intermediate chain bundle, which can be a hassle.
Revocation
Revocation
Not all CA’s support the ability to revoke certificates – surprisingly to me when I last looked at this only a handful had certificate revocation url’s listed. If your serious about your security pick one that does have a revocation URL.
Summary
Cost
Certificates can vary wildly in cost. Consider the vendors reputation and staying power when considering a certificate, and don’t assume more cash means a better product. Consider the interface and flexibility you have in your CSR – all should support uploading a CSR directly.
Encryption Support
All modern certificates should support 256-bit encryption.
Summary
If your needs sound basic and simple, I would recommend you purchase something cheap. RapidSSL, InstantSSL, GoDaddy or any of the other large players are all fine.
If you are a bigger player, considered upgrading to a new EV certificate. It gives your site a professional look especially among internet savvy users. The process can be timing consuming so budget extra time to get an EV certificate
.
See also: Wikipedia Comparison of SSL certificates.
Leave a Reply