Thinking of getting own ssl instead of shared, but dont need the super expensive verisign or thawte... does anyone have any recommendations or advice on which would be better of the cheaper companies like rapid ssl or comodo or godaddy or the geotrust quickssl?
and just how hard of a process is it to get and install? any advice on how to carry out the westhost end of the setup would be greatly appreciated.
thanks if you can help
Results 1 to 8 of 8
Thread: SSL Certificates
08-11-2005, 08:27 AM #1
08-11-2005, 09:07 AM #2
- Join Date
- Mar 2004
If it's mostly for personal use, and you don't really care if the root authority certificate is pre-installed in most browsers, then I'd go with the free CAcert.org.
The caveat with the root authority certificate is that browsers will give you a popup saying it doesn't recognize CAcert on your SSL certificate. You can get this to go away by installing the CAcert root certificate in your browser.
However, if you are doing any sort of commerce, I wouldn't recommend this route, as it would probably make your customers nervous to see that popup.
08-11-2005, 06:47 PM #3
Yes, its for an ecommerce site, but no sales yet and probably wont have much sales for some time until owner really decides to advertise and give me more products to upload, so i was hoping an ssl in the 60-100 range would be fine, wondered if any peculiarities about using any of them with westhost or any thoughts in general because never used them before and hard to find really unbiased reviews of what is best to do.
08-12-2005, 02:29 PM #4
08-12-2005, 05:21 PM #5
You've named a few good options. Really there are only 4 major Certificate Authorities (Verisign, Thawte, Geotrust, and Comodo). Verisign and Trust are essentially the same company now. Geotrust and Comodo are still fighting for the bargain hunters, but have actually raised pricing over the last few years.
Geotrust runs RapidSSL (was FreeSSL), QuickSSL, and ChainedSSL. InstantSSL is run by Comodo (they have a few others as well).
Root SSL vs. Chained SSL:
A root certificate is owned by the Certificate Authority (CA). A Chained SSL is "chained" to someone else's root (third party). Verisign, Thawte, and Geotrust offer root certs. Comodo has chained (Geotrust ALSO has chained with their Chained SSL). Chained cert installations require some extra steps and modifications of your Apache config.
For me, the order of importance for an SSL cert on an e-commerce site is:
1. Browser support. You don't want clients getting ANY popup warnings during the purchasing process. Also, remember that some may claim a particular browser is supported, but not over all platforms (Mac).
2. Recognizable Certificate Authority. A Verisign or Thawte secure seal/graphic on a website still carries weight. And for the few that actually click on the "lock" icon, it may mean something. Geotrust is moving up, but still doesn't have the same brand weight. There will be some that will be more comfortable with a recognizable name.
3. Root instead of Chained. Extra steps to install a chained, it's a third party, and browser support doesn't seem to be as good.
Note: There's also issue with getting the cert, where some are more stringent, and take longer. However, this is only relative to the others.
As you research online, be aware that both Geotrust and Comodo created a number of sites for people to compare SSL certs (so they are obviously biased). An example of one is whichssl.com (comodo). Geotrust used to operate whichssl.org (but I think it now forwards to their corp site).
Once you've decided whom to go with, you'll need to generate a CSR. The instructions we have posted at the base of http://members.westhost.com/ssl-web-hosting.html should get you going (install OpenSSL, navigate to newly created .csr file, etc.). There are also instructions for installing the Thawte cert, but they are similar (for the most part) with other CA's.
RapidSSL (Geotrust) is probably a good recommendation for a lower cost option. The only cheaper solutions would be through a chained cert:
- http://www.freessl.com/chainedssl/chainedssl_new.html (Geotrust)
- http://www.instantssl.com/ (Comodo)
. . . but again they are chained.
It'll be nice to see free certs like CAcert get more browser support in the future. But until then, you might as well just create your own cert (http://www.onlamp.com/pub/a/onlamp/2...nuxhacks.html).
Hope this helps,Best regards,
Sales and Marketing Department
When you expect more from your web host
08-13-2005, 01:03 PM #6
Wow! That's an education! Thank you so much for making my decision so much easier. Went with a GeotrustQuickSSL from ev1servers ---- now if only I could get my store to work! (that'll be another post begging for help soon)
08-15-2005, 02:53 PM #7
- Join Date
- Sep 2003
I use GoDaddy's cheapest certificate...$29 a year and it works great.
04-05-2006, 01:20 PM #8
- Join Date
- Apr 2006
Where is OpenSSL installed on the server
I need to find OpenSSL the program from telnet in order to produce some information for my GoDaddy certification, but I can't seem to find it. When I installed OpenSSL it created temporary certificates and stuff, but I need to get there with telnet.
By andz in forum SolutionsReplies: 3Last Post: 09-11-2007, 02:19 PM
By WestHost - ZEsser in forum News / AnnouncementsReplies: 0Last Post: 08-31-2007, 08:16 AM
By lclark in forum General DiscussionReplies: 1Last Post: 06-13-2006, 08:32 AM
By visible soul in forum E-commerceReplies: 2Last Post: 06-12-2004, 12:06 AM
By bk4736 in forum General DiscussionReplies: 3Last Post: 09-15-2003, 10:09 PM