different kinds of SSL certificate?




Posted by eroy4u, 04-29-2008, 12:08 PM
I want to buy an SSL certificate for my international web site. I found that SSL certs from VeriSign cost about US$1500, however, those from namecheap.com cost about US$20. What is the difference between these certificates? I am confused and googling just cannot answer my question. Thanks if anyone can help.

Posted by rv_irl, 04-29-2008, 12:12 PM
SSLs from an issuer perform two functions:
- Verification
- Security

The main difference is the level of verification performed. Higher SSL certificates usually have more verification performed and thus more consumer confidence. Sometimes throwing in a site seal as well. In terms of encryption and security, a $1500 cert will be just as effective as a $10 cert or a free self signed cert.

Posted by ashish1987, 04-29-2008, 12:27 PM
So you mean that getting a RapidSSL or a free self signed SSL is the same thing? The security and encryption is the same?

Posted by rv_irl, 04-29-2008, 12:34 PM
Yes pretty much (encryption wise)

Posted by AndyGambles, 04-29-2008, 01:04 PM
This is not completely true. Some of the more expensive certificates utilise SGC which provides step up encryption to a minimum of 128-bit whereas the cheaper certificates may only connect at 40-bit depending on the server/browser/OS combination. It really depends on the level of encryption you require as to whether this matters.

Posted by rv_irl, 04-29-2008, 01:31 PM
A RapidSSL cert is 128bit, you can generate a self signed cert with 256 bits.. A RapidSSL can be found as cheap as $8, and self signed is free.. Or am I missing something here?

Posted by ashish1987, 04-29-2008, 01:34 PM
So a 256 bit self signed is better than a $20 RapidSSL? Or is it that people buy the expensive SSL certificates only so that their visitors feel lil more secure?

Posted by eroy4u, 04-29-2008, 01:40 PM
Thanks. What are the differences in what customers see when they come to my web site?

Posted by rv_irl, 04-29-2008, 01:50 PM
No not necessarily. Like I said, an SSL has two functions. You lose the verification aspect with a self signed cert as you generate it yourself. The client will also see a warning message triggered by the browser alerting the user that the certificate is self signed. You won't need more than 128bits. 128bits is good enough.

Posted by MrAlaska, 04-29-2008, 01:51 PM
What is 'better'? Encryption is only half the purpose. From a business standpoint it may be more important to give the visitor a sense of security. The average visitor may not know the extra validation required to obtain the more expensive certificate or even bother to review the cert but to a business it might be a detail they do not want to overlook in case they are subjected to a critical review or if they are soliciting investors.

Posted by deepman007, 04-29-2008, 02:12 PM
So which one is better to get from GoDaddy? Standard, deluxe or premium?

Posted by ashish1987, 04-29-2008, 02:17 PM
Well thank you for your answers. I was on my way to buy the RapidSSL. Tell me which is better. RapidSSL or standard from Godaddy? And where can I get RapidSSL at the best costs?

Posted by AndyGambles, 04-29-2008, 02:20 PM
Yes a RapidSSL cert is 128-bit but this is not the minimum encryption it offers. If the user is using an older browser or the OS is an older Windows 2000 system for example then RapidSSL will likely only offer 40-bit encryption. This situation may be very rare however so you need to decide on how important this is to you. Whereas a certificate with SGC automatically steps up the encryption to be a minimum of 128-bit. Again it depends on the usage of the certificate. If it is for an admin area where you know everyone is using the latest browser then it may not be a problem. If it is for an e-commerce application where you really need the strongest encryption possible but you can not ensure everyone is using the latest browsers then an SGC cert may be better for you.

Posted by AndyGambles, 04-29-2008, 02:22 PM
You need to be specific as to the purpose of your certificate. Not all certificates are suitable for all situations.

Posted by rv_irl, 04-29-2008, 02:26 PM
Yep you're right, just read up on SGC - interesting stuff! Thanks for the info

Posted by LayeredSoft, 04-29-2008, 04:06 PM
Welcome, can anybody tell me how I can create a self SSL 128-bits, to use in CPanel / WHM?

Posted by eroy4u, 04-29-2008, 04:27 PM
Thanks. Can anyone tell me, when customers come to my web sites, will they know whether I use an expensive or a cheap SSL cert?

Posted by SPaReK, 04-29-2008, 04:34 PM
You need to define what the purpose of having a certificate is. If you are selling something or in a situation where you are presenting your website to people that do not know you and do not have any type of business relationship with you, then you will want a purchased certificate. Now the question becomes, how reputable do you want to appear?

The different levels of certificates mainly have to do with how much back tracing a visitor can do. Are you a real business or just someone out to scam someone? I'm not all that educated with the various degrees of certificates, but I suspect the more expensive are meant to make visitors feel more comfortable knowing that the certificate authorizer has verified that you are a real business. But as someone has mentioned, when was the last time you really checked that information out on someone? But again it is personal preference. If you are doing business with people that do not know you or have a relationship with you, then you definitely want a purchased certificate, even if it is a cheap RapidSSL certificate.

Now if you are dealing in a situation where the visitors know you, maybe they are already customers of yours or you can otherwise communicate with them and all you are interested in is the encryption aspect of a secure certificate, then just use a self-signed certificate. A self-signed certificate is going to pop up in the browser saying that the browser does not recognize this certificate. This is why you don't want to use a self-signed certificate in a situation when you are dealing with new customers or people that do not know you. This will serve as a red flag for them. However if you are dealing with people that are already your customers or know you, you can simply tell them "You will see a certificate warning pop up when you access this page, this is fine and safe, it is just a self-signed certificate being used so that the form will be encrypted" or something to that effect.

Posted by SPaReK, 04-29-2008, 04:38 PM
In your WHM, click the link for Generate a SSL Certificate and Signing Request and fill this out just as you would for generating a CSR for a purchased certificate. When you click create you will see three sections: a CSR (Certificate Signing Request), Private Key, and Self-Signed CRT. Copy the CRT, click the Install a SSL Certificate and Setup the Domain link, and paste the certificate into the top box. It should automatically fill out the private key and domain information. One thing to note, a domain name that uses a certificate really needs its own IP address, so if you haven't already given the domain in question a dedicated IP, you might do that before you generate a self-signed certificate. There's nothing to stop you from installing one on a shared IP, just only one certificate can be installed per IP.

Posted by LayeredSoft, 04-29-2008, 05:05 PM
That was interesting, thanks a lot, but this makes me sad: The CA is not trusted! Why does IE give that error and how can we prevent it? Oh no! Look what FireFox says:

Posted by SPaReK, 04-29-2008, 05:10 PM
Did you purchase a certificate? The certificate may have a CA bundle that ties it to recognized certificates. Did you install that? If you are referring to a self-signed certificate, this is the error message that is going to be presented because self-signed certificates are not issued by an authorized certificate maker (though the encryption still functions). Another thing to note, make sure you are using the hostname that you used when you generated the CSR. I know a lot of times people will order a certificate for domain.com and then try to access it by going to https://www.domain.com. This won't work, the hostnames have to match exactly, you would have to use https://domain.com.
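The hostname rule described in the post above, as an added example that is not part of the original thread: a simplified Python matcher in the style of the name check a browser applies to a certificate. It goes beyond the post by also covering wildcard names; the function names and the sample domains are constructed for illustration.

```python
# Added example: compare the names on a certificate with the hostnames a
# site is actually reached by. All domain names are constructed samples.

def _labels(name):
    """Lower-case a DNS name, drop a trailing dot, split into labels."""
    return name.lower().rstrip(".").split(".")

def name_matches(cert_name, hostname):
    """True if one certificate name (CN or SAN dNSName) covers hostname."""
    pattern, host = _labels(cert_name), _labels(hostname)
    if len(pattern) != len(host):
        return False          # domain.com never covers www.domain.com
    if pattern[0] == "*":
        # A wildcard stands for exactly one left-most label; require at
        # least two fixed labels so that "*.com" cannot match anything.
        return len(pattern) >= 3 and pattern[1:] == host[1:] and host[0] != ""
    if "*" in cert_name:
        return False          # partial or non-leftmost wildcards are rejected
    return pattern == host

def certificate_covers(cert_names, hostname):
    """True if any name on the certificate covers hostname."""
    return any(name_matches(n, hostname) for n in cert_names)

def audit(cert_names, hostnames):
    """Return the hostnames that would trigger a name-mismatch warning."""
    return [h for h in hostnames if not certificate_covers(cert_names, h)]

if __name__ == "__main__":
    # Hostnames visitors might type for the same site (constructed).
    site_urls = ["domain.com", "www.domain.com", "shop.www.domain.com"]
    for names in (["domain.com"],
                  ["domain.com", "www.domain.com"],
                  ["*.domain.com"]):
        print(names, "-> mismatch for", audit(names, site_urls))
```

Running `audit` against every hostname the site answers on before ordering shows which names the CSR has to include.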

Posted by LayeredSoft, 04-29-2008, 05:15 PM
I installed a self-signed crt, so no idea to prevent this message? I installed it with www.domain.com. Another question: can the SSL crt prevent the site from getting hacked? Thanks

Posted by SPaReK, 04-29-2008, 05:19 PM
Is the site not working at all? The security warning popup is normal for a self-signed certificate, there's no way around it (you can accept it in your browser's certificate repository to make the warning go away for your browser, but that only affects your browser). You should be able to accept the certificate, either permanently (adding it to the browser repository) or for that session only (you will be prompted again when you close your browser and restart it going to that site) and you should be able to continue on accessing the site securely.

Posted by LayeredSoft, 04-29-2008, 05:26 PM
OK, thanks a lot

Posted by AndyGambles, 04-30-2008, 03:28 AM
No it can't. If the site is poorly coded or the server is insecure then it could still be hacked.

Posted by eroy4u, 04-30-2008, 03:49 AM
Sorry to ask again but I didn't get the answer. Can anyone tell me, when customers come to my web sites, will they know whether I use an expensive or a cheap SSL cert?

Posted by AndyGambles, 04-30-2008, 05:25 AM
If they know what they are looking for then yes. If you use an EV (Extended Validation) certificate then users with IE7 / Vista and soon to be FireFox will see the address bar go green. If you get a company validated certificate then additionally your company name will appear within the certificate when the user clicks on the padlock. With Opera/IE7 the company name will be displayed next to the padlock. Certificates that are just domain validated will state this when you view the certificate.

Posted by deepman007, 04-30-2008, 11:27 PM
I'm trying to get an SSL for my e-commerce site, but the thing is I use PayPal to accept people's payments. I need an SSL because buyers have to fill out the form or create an account, but there's no credit card info stored on the site. So, should I get a standard SSL, deluxe or premium SSL from GoDaddy? Or any other suggestions? Thank you

Posted by AndyGambles, 05-01-2008, 02:58 AM
My personal suggestion is if you are selling e-commerce then go for the EV certificate (Premium). Even less savvy users are able to distinguish when the address bar goes green and it can increase sales. We installed a VeriSign EV certificate on our site and sales have definitely increased from cold visitors.

Posted by deepman007, 05-01-2008, 11:28 AM
I can't afford at that price! Any cheaper ones that can be recognized by most browsers and users?

Posted by AndyGambles, 05-01-2008, 01:26 PM
Get the cheaper one then. My only point is if you want to encourage people to part with their cash an EV certificate can give a better image.

Posted by Frontpage1, 05-01-2008, 08:13 PM
Godaddy has a special for AES-256 Standard SSL certificate with a site seal for $14.99 a year. Take a look at this chart for price/service comparisons. https://www.godaddy.com/gdshop/ssl/s...pp%5Fhdr=#tabs

Posted by deepman007, 05-02-2008, 11:01 AM
I guess Standard SSL will do, right? Also, if it expires, do I have to get a new SSL or can I renew and not have to reinstall it again?


