I run a web-based email application on my domain, and it’s coming up on time for me to renew the SSL certificate that keeps people’s email sessions secure. For the past four years, I’ve used Thawte to issue the certificate, mostly out of inertia, but looking at their offerings today, I noticed that the price for my type of certificate has somehow increased 20% since the last time I renewed (from $299 to $349 for a two-year certificate). Given that I can’t imagine the actual cost to Thawte of issuing a certificate has increased one cent during that time period, it’s time for me to do a little comparison shopping.

In the past, I’ve stumbled across a few alternatives to Thawte (and Verisign, the questionably-trustworthy company which owns Thawte) when it comes to issuing SSL certificates. There’s InstantSSL, which currently is offering a two-year cert for $100, but which only issues chained-root certs (requiring the installation of additional layers of trust in order to get the whole thing recognized by a web browser as truly secure). It’s a bit cumbersome, and there are a few webservers out there that don’t support chained certificates, so if you’re interested in this route you’ll want to make sure that you check into this. (The certs issued by GoDaddy and DigiCert suffer from the same issue.)

RapidSSL looks like a very reasonable alternative ($70 for one year, $121 for two years), and they’re running a free one-year promotion right now for people switching from Thawte. Their certs are single-root, and provide up to 256-bit encryption, and appear to be well-supported, so they might be getting my business soon.

I have a few weeks to mull all this over; does anyone have any other specific recommendations (or warnings of companies to avoid)?

Comments

how about free from cacert?

• Posted by: jim winstead on Mar 4, 2006, 4:27 PM

Jim, unfortunately, options that don’t have corresponding trust certificates preinstalled in web browsers aren’t all that great, because users can’t be sure that the certificate itself hasn’t been altered. (An altered cert would allow the person altering it to decrypt anything encrypted using it, defeating the point of SSL in the first place.) The CAcert root doesn’t look like it’ll make it into any web browsers in the near future — this thread is a good glimpse into what’s occurring within the (relatively open) Mozilla world, and my understanding is that nothing’s different when it comes to any of the other popular browsers. That means that it’s no different than a self-signed SSL cert from the perspective of the users at the other end of the connection — they still have to make a decision when their browsers ask them whether they want to trust the cert, and they don’t have enough information to make that decision in a way that guarantees security.

• Posted by: Jason on Mar 4, 2006, 4:37 PM

(I just reread that and realize that it sounds admonishing — I certainly didn’t mean it that way! I was just trying to convey that I’d thought about CAcert, and while I love what they’re trying to do, their effort has unfortunately not yet borne fruit that would make most people able to use CAcert certs in a truly trustworthy way.)

• Posted by: Jason on Mar 4, 2006, 4:48 PM

FreeSSL was my low-cost provider of choice - I plugged them on AskMe the last time this was asked there - and they’ve been bought by RapidSSL, so I think you should go ahead with them.

• Posted by: Nic Wolff on Mar 4, 2006, 6:24 PM

I’ve done business with all three over the years, and my current vendor of choice is RapidSSL. Their telephone verification is particularly fast and convenient. If you can set up an email address on your domain and can be reached by phone, you can get your certificate instantly. I’ve got about a dozen certificates from RapidSSL.

However, it’s exactly this convenience that led to the Mountain America phishers being issued a legitimate certificate. So if you expect your certificate provider to do more to check your trustworthiness than to merely verify the ownership of your domain, they are not the right vendor for you.

• Posted by: Scott Hanson on Mar 5, 2006, 1:32 AM

Now, there are so many CAs that we have no control over: to whom they are issuing certificates, their practices/policies, who has access to the private key, and so on and so forth.

At this point in time, this isn’t something we are willing to risk after all the hard work people have put in to get PKI to a working model.

Let the CAcert come up with policies, get others motivated into helping, and build up CAcert to be trustworthy.

PKI was/is designed to protect things like non-essential passwords in email/website logins and so on. I feel there are no client applications that will warn about a fingerprint mismatch, and hence at this point in time it’s possible to create a “man in the middle” attack by simply having a second certificate issued by any CA that’s valid in the key store.

People may have to virtually disable all root certificates in their key stores because they simply can’t trust most companies that make it into browsers, and hence PKI can’t be trusted for anything more than protecting passwords or credit card information.

Let us wait and see how the world accepts free CAs and what the pros and cons are.

• Posted by: SVJyotis on Mar 26, 2006, 3:03 PM
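Two points raised above, the chained-root certificates in the post (a leaf that only validates when the intermediate is also supplied) and the comment about a second certificate from any trusted CA passing validation, can be reproduced with a throwaway CA. This is an added example, not from the post or any of the vendors mentioned; it assumes a working `openssl` binary, and every name and file in it is made up.

```shell
#!/bin/sh
# Added example, not from the post: build a throwaway root -> intermediate -> leaf
# chain with openssl, show why a "chained-root" leaf fails validation unless the
# intermediate is supplied, and show the fingerprint check that catches a
# substitute certificate from another issuer. All names and files here are made up.
set -e
WORK=$(mktemp -d); trap 'rm -rf "$WORK"' EXIT; cd "$WORK"
printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > ca.ext
printf 'basicConstraints=CA:FALSE\nsubjectAltName=DNS:mail.example.test\n' > leaf.ext
gen_csr() { openssl req -new -newkey rsa:2048 -nodes -keyout "$1.key" -out "$1.csr" -subj "/CN=$2" 2>/dev/null; }
sign() {  # $1 = name to sign, $2 = issuer name, $3 = extension file
  openssl x509 -req -in "$1.csr" -CA "$2.pem" -CAkey "$2.key" -CAcreateserial \
    -out "$1.pem" -days 30 -extfile "$3" 2>/dev/null
}
# Root (what a browser's trust store would hold), self-signed.
gen_csr root "Example Root"
openssl x509 -req -in root.csr -signkey root.key -out root.pem -days 30 -extfile ca.ext 2>/dev/null
# Intermediate issued by the root, then the server (leaf) certificate issued by the intermediate.
gen_csr int "Example Intermediate";  sign int root ca.ext
gen_csr leaf "mail.example.test";    sign leaf int leaf.ext
# A second, equally valid certificate for the same name from a different issuer (here the root
# directly): path validation alone cannot tell it apart from the one we actually bought.
gen_csr leaf2 "mail.example.test";   sign leaf2 root leaf.ext

# Path validation as a browser does it: trust store plus whatever the server presents.
chain_validates() {  # $1 = trusted root, $2 = leaf, $3 = optional intermediate sent by the server
  if [ -n "${3:-}" ]; then openssl verify -CAfile "$1" -untrusted "$3" "$2" >/dev/null 2>&1
  else openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; fi
}
# Fingerprint pinning: compare the presented certificate against a known-good SHA-256 fingerprint.
fingerprint() { openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2; }
PINNED=$(fingerprint leaf.pem)          # recorded once, from the certificate we actually bought
pinned_ok() { [ "$(fingerprint "$1")" = "$PINNED" ]; }

chain_validates root.pem leaf.pem          && echo "leaf alone: OK" || echo "leaf alone: FAILS (intermediate missing)"
chain_validates root.pem leaf.pem int.pem  && echo "leaf + intermediate: OK"
chain_validates root.pem leaf2.pem         && echo "substitute cert from another issuer: passes path validation"
pinned_ok leaf2.pem                        && echo "substitute cert: pin matches" || echo "substitute cert: pin MISMATCH"
```

A server that ships only `leaf.pem` is the "chained-root" failure the post warns about; shipping `int.pem` alongside it (or having users install the intermediate) fixes that, while only the pin distinguishes `leaf2.pem` from the genuine certificate.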