The goal of a certificate authority (CA) / SSL provider is to verify your organizational identity so that when customers access your website they not only receive a security lock, but also know that your identity as a fully qualified host name is authentic, not that of phishing scammers.
True, most users look no further than a padlock, indicating a secure connection to their banking website, email, etc. However, if any CA were to be hacked, all browsers that trust this CA will be vulnerable, because an attacker can fake a certificate for any domain, including yours. Choosing a certificate provider is not relevant. I have not really heard about this yet. MITM attacks now make a big difference when wireless hotspots become more common.
Another thing is browser compatibility. You expect your newly acquired certificate to be compatible with all modern browsers. This is because they are all loaded with a list of CA root certificates that trust the selected list of SSL certificate authorities. If you buy from a certification authority that is not on this list, all of your client browsers will receive a security warning that the site certificate is not trusted. Just double check that RapidSSL, Geotrust, or whoever you are, is on the list of all browsers you care about. (For example, for Firefox, it is located on the Tools / Options / Advanced / Encryption / View certificates / Authorities tab.)
In the end, just get the cheapest one that will give you the necessary level of encryption. It will do its job. Contact your web hosting provider. They may have discounts.
spoulson Oct 01 '08 at 12:40
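The "is this CA on the trusted list" check from the answer above can also be scripted. This is an added example, not part of the original answer: it searches a root store by CA name and flags expired roots. It assumes the store that Python's `ssl` module loads from the operating system, which is not the same list Firefox ships; the function names and the sample store are constructed for illustration.

```python
import ssl
import time

# Constructed sample in the shape returned by ssl.SSLContext.get_ca_certs();
# the names and dates are made up for illustration.
SAMPLE_STORE = [
    {"subject": ((("countryName", "US"),),
                 (("organizationName", "Example Trust Co"),),
                 (("commonName", "Example Trust Root CA"),)),
     "notAfter": "Jan  1 00:00:00 2040 GMT"},
    {"subject": ((("organizationName", "Old Example CA"),),
                 (("commonName", "Old Example Root"),)),
     "notAfter": "Jan  1 00:00:00 2010 GMT"},
]


def subject_field(cert, field):
    """Return the first value of `field` in the cert's subject, or None."""
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == field:
                return value
    return None


def find_roots(store, name, now=None):
    """Return (name, expired) for each root whose O or CN contains `name`."""
    now = time.time() if now is None else now
    needle = name.casefold()
    hits = []
    for cert in store:
        org = subject_field(cert, "organizationName") or ""
        cn = subject_field(cert, "commonName") or ""
        if needle in org.casefold() or needle in cn.casefold():
            expired = ssl.cert_time_to_seconds(cert["notAfter"]) < now
            hits.append((cn or org, expired))
    return hits


def system_store():
    """Roots loaded by Python's default TLS context. This can be empty when
    the platform uses a hashed CA directory that is only read on demand."""
    return ssl.create_default_context().get_ca_certs()


if __name__ == "__main__":
    for root_name, expired in find_roots(system_store(), "GeoTrust"):
        print(root_name, "EXPIRED" if expired else "ok")
```

An empty result means the CA has no root in that store, which is the situation that produces the "certificate is not trusted" warning described above.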