Hi all,

I am in the process of setting up my stores webstore, and I need a SSL certificate. There are many providers, but the question I have is: who is trustoworthy?

Verisign is the most seen one and AFAIK the most trusted...or are they? they also cost about $400 a year.

Godaddy was mentioned by my web designer, but he knows design, not marketing issues.

Does anyone have any thoughts on this matter? Is it worthwhile to pay more for the 'Verified by Verisign' vs. the 'Verified by GodDaddy'?

I have actually used both GoDaddy and Verisign in corporate and non-corporate environments. You'll have to make the decision about whether or not GoDaddy's over-sexed image matches the philosophy of your website (and it is an issue at least in the corporate environments that I have been involved with).

From a technical aspect, they are both implementing the same technologies and their process for setup and management are similar. But there are 2 overwhelming factors when deciding between the 2 companies price, if remember correctly Verisign is $400 vs. the equivalent $20 godaddy cert. One thing you may not be aware of however (and I wasn't until I literally ran the same site with 2 different certificates) is that GoDaddy's cert's IMO are a lot slower than Verisign's. Verisign's process apparently validates and encrypts every request very quickly, when running the same site on the same server and same database using GoDaddy's cert. there was a noticeable lag (2-3 full seconds, otherwise known as website murder).

The only thing I can find different was the SSL, the delays in delivering web pages came down to significant "post-render" delay (meaning after my server was done doing it's stuff and sent it that's when the delay was introduced). It has to be GoDaddy because I am running on a local LAN in many instances and either way, I literally tested side-by-side so any delay in my Internet connection would be the same regardless of SSL encryption...

I'll stop rambling, I hope it helps...

I did some research on this back in January in preparation for getting a certificate for my company.

Check out Thawte. They're actually owned by Verisign (Mark Shuttleworth took the millions he got from selling Thawte to start the Ubuntu Linux distribution), but they're run as a separate company, and their rates appear to be cheaper.

Unless you're planning on securing more than one domain, go for the SSL123 certificate. The cost for that is $400 for three years.

Some of the groups where I work lean on Thawte.

I don't really know how to rate GoDaddy; we've never used them, probably for the reasons skeptigator mentioned.

Or you can go nuts, get a single certificate from wherever, set up an Active Directory, then put together your own PKI and from there self certify as many servers as you want. Although assuming you make it through the process without offing yourself in a most spectacular way ("Officer, he leaped onto the domain controller while holding a landmine!"), you'd really need to be handing out certs left and right to justify the cost.

Yes, of course that last was the outrageous suggestion offered in jest, not mean to be taken seriously.

I'll stop rambling, I hope it helps...

It does, it does.

I checked out Thawte, and I'm leaning in that direction. I did note they have one of the most conufsing 'checkout' processes I've ever seen. Tons of stuff put there in a manner that you don't know if you are required to click on it or what.

Pheh!

Grumble GRumble

Turns out that my provider has 'shared' SSL. But I don't know how to get the shopping cart software to recognize it!