What is it about SSLs from different providers?

Portal Home > Knowledgebase > Articles Database > What is it about SSLs from different providers?

Posted by theallseeingi, 11-06-2014, 01:28 PM
I have just started a hosting business and I am pretty new to the SSL market. As a reseller, I will most likely be asked by my customers to suggest a SSL and I am yet to find a clear winner or why chose one over the other, in the various categories. I was looking at a few SSL reseller websites, and noticed that Comodo has about 15+ options to chose from, while most others have 5-8 options and some only 2-3. To further add to the confusion, when I compare it to GoDaddy and ResellerClub and some other local providers, I'm wondering why is there such a lot of variation in price(if not features)? Eg. If an SSL is offered by someone for 10$, why does GoDaddy's entry level SSL cost 50$ odd? They are known to sell some of the cheapest stuff in the industry. Also, what advise would you give if I were to look out for a SSL reseller program? Thanks for your help.
Posted by FCHosting, 11-06-2014, 01:41 PM
It's all about profit. Godaddy charge an unbelievable price of 50 USD because they know that someone is going to come along and is going to purchase that SSL because they haven't done their homework. Another reason why there are many different types of SSL's being sold at Comodo, etc. is because they all have different Assurances, capabilities and a lot more other stuff. Companies like Comodo like to offer you a lot of products as they know that the customer is interested in a variation of products and wants to be able to pick one that suits their needs most. I hope I've answered your question well enough.
Posted by theallseeingi, 11-06-2014, 02:04 PM
Thanks FCHosting. That does clear some air. Regarding GoDaddy : I am surprised they think this way when it comes to SSLs and the other way when it comes to shared hosting But anyways, I got the point. Anybody else wanting to share their knowledge / feedback are welcome.
Posted by theallseeingi, 11-06-2014, 02:07 PM
Does it matter which SSL I choose 1.) for a small e-commerce store OR 2.) for our trusted whmcs?
Posted by eth00, 11-07-2014, 02:04 PM
Some SSL certs have fancy seals that come with them. They will make the argument that these seals help improve user trust. If that is something you want then check what you get with the SSL cert you choose. The only real major thing to consider is an EV-SSL to give you the green bar. They also can provide a bit more trust to users if they are unsure. Beware the process for applying for an EV-SSL can take a few days to get through.
Posted by FCHosting, 11-07-2014, 02:15 PM
I thankfully got my EV SSL activated in only a few hours, it depends on luck you are.
Posted by Website themes, 11-08-2014, 07:16 AM
It's just a whole lot of ******** really. There is this fancy notion that people have that if they spend more money they'll get a better cert. The only thing that matters is features and if you think rationally then you can divide the certs into categories like these: - single domain cert - one main domain and the www sub-domain thrown in for free. - wildcard certs - wildcard sub-domains of a single domain - ucc/san - multiple main domains (used for particular email software and by those who need to secure multiple domains) Then there are different validation levels. Basically this is how many hoops you have to jump through to get the cert. Again people think if they've spent more money or worked harder they will get a better cert: - Domain validation - Pretty much your basic cert where you just prove domain ownership. - Extended validaiton - submit business docs and stuff - Some others that fall in between the above two. The EV certs have the additional benefit that they show up as a green address bar in the user's browser. Yeah, the browser makers are in on the racket too. Do most users care if it's green or not? I imagine not. Ordinary users have never even heard of an SSL cert. Godaddy used to be cheap for domains but it's no longer cheap for even that. SSL certs have always been very profitable upsells. They are like the extended warranties that electronic stores sell you in the real world. Somebody has to pay for those super bowl ads . My advice - get the cheapest cert that has the features you need. Remember it's just a digital signature - a few nanoseconds of cpu time for the CA.
Posted by Website themes, 11-08-2014, 07:57 AM
I'd like to add that if you are going to buy a new cert today you should create a CSR that uses sha256 as the "digest". sha1 is the default and it is being phased out and Google chrome, for example, will display warnings about it. The command below should generate both priv key and csr:
Posted by dtw83, 11-08-2014, 02:47 PM
From a technical point of view, there's most often not more security if you pay more (especially true for a domain validation) EV-SSL will add more security during the validation process but the encryption is not stronger. You're perfectly fine with a normal domain validation for about $8 from a Comodo reseller, there's no need to pay $50 for a domain validation certificate. Resellers are always cheaper but you will still get the certificate directly from the CA (e.g. Comodo).
Posted by Atlanical-Mike, 11-08-2014, 05:43 PM
To add on to that, not every CA is ready for SHA-256, we've still got a while to wait until the 17th of November for Certum to allow us to get our new certificate.