What are the basic factors in choosing a private SSL certificate offering?
• mostly price?
• reputation?
How do you evaluate a private one, as the prices are all over the place?
The most important things are:
Encryption
Encryption protects data during transmission.
Each SSL Certificate consists of a public key and a private key. The public key is used to encrypt information and the private key is used to decipher it. When a Web browser points to a secured domain, a level of encryption is established based on the type of SSL Certificate as well as the client Web browser, operating system and host server’s capabilities. That is why SSL Certificates feature a range of encryption levels such as “up to 256-bit”.
Strong encryption, at 128 bits, can calculate 2^88 times as many combinations as 40-bit encryption. That’s over a trillion times stronger. At current computing speeds, a hacker with the time, tools, and motivation to attack using brute force would require a trillion years to break into a session protected by an SSL certificate. To enable strong encryption for the most site visitors, choose an SSL Certificate that enables at least 128-bit encryption for 99.9% of Web site visitors.
SSL browser compatibility
For example, if your SSL Certificate only has 90% browser compatibility then millions of users will not trust you. As visitors = Revenue, you must ask yourself if you can afford not to be trusted by a million users!
SSL compatibility is determined by the number of browsers that automatically include the root certificate that your certificate links up to.
Try to stay away from intermediate providers such as GoDaddy and others that are part of a “security chain”. The closer your certificate is to the root provider (like GeoTrust or Verisign) the better. Examples are RapidSSL (and the other marketed names which used to be Verisign till they were bought by Symantec), etc.
Generally, the cheaper they get (below a certain amount), the further down “the chain” they are. Note that all ssl accesses have to ultimately be confirmed by the “root authority”. So the closer you are in the chain, the better the performance.
[quote name=‘tbirnseth’]Try to stay away from intermediate providers such as GoDaddy and others that are part of a “security chain”. The closer your certificate is to the root provider (like GeoTrust or Verisign) the better. Examples are RapidSSL (and the other marketed names which used to be Verisign till they were bought by Symantec), etc.
Generally, the cheaper they get (below a certain amount), the further down “the chain” they are. Note that all ssl accesses have to ultimately be confirmed by the “root authority”. So the closer you are in the chain, the better the performance.[/quote]
Inexpensive $10 certs like RapidSSL are basically the same as the most expensive in terms of security; that is what I have always thought. Is that correct?
Here is a good thread on the subject:
[URL]http://forum.cs-cart.com/showthread.php?t=15376&page=2&highlight=ssl+certs[/URL]
Security-wise, yes. It all depends on the number of bits used to perform the encryption. 128 should be a minimum, with 256 the current norm, and 1024 will be here in the future.
Remember, these are products and depending on the marketed name could simply be a price of the branding.
The performance issue is how far down the chain they are. If they are considered an “Intermediate authority” (like GoDaddy) then each request requires it to be authenticated in each link of the chain.
As a web / graphic designer I plan on only using Paypal Standard to invoice my clients.
I realize all the payment security is handled by Paypal, but should I purchase a cheap SSL certificate (RapidSSL or PositiveSSL) to secure my clients’ profile data? I know I like seeing the page encrypted when logging in.
I’ve noticed comodo has a special for $10/yr or SmartSSL has one for free. Any suggestions / advice?
Thanks
Jabman
[QUOTE] I know I like seeing the page encrypted when logging in.[/QUOTE]
I believe that you already answered your own question!
And yes, you should protect your customers’ personal data!
[QUOTE]128 should be a minimum, with 256 the current norm and 1024 will be here in the future.[/QUOTE]
For example RapidSSL upgraded the RSA key length, and related strength, of each CA from 1024-bit to 2048-bit. Certificates from the new CAs will be issued from intermediate roots, creating a stronger, chained CA hierarchy.
[quote]
new CAs will be issued from intermediate roots, creating a stronger, chained CA hierarchy
[/quote]
Can you explain this statement? How does having new CAs be a branch off an existing chain make it stronger? The highest performing certificate you could get would be a direct root authority. As the chain increases in length, the certificate gets passed to more and more places for validation at each link of the chain.
I don’t understand the statement about intermediate root authorities making a strong chain…
Here is the source link: [url]https://knowledge.rapidssl.com/support/ssl-certificate-support/index?page=content&id=AD239&actp=LIST&viewlocale=en_US[/url]
The strength comes from the 2048 bit encryption, not from the fact that the big boys have decided they want to lock down the root authorities and therefore want a way to charge more for a direct root authority than for an intermediate link.
Previously, RapidSSL certs were secured directly by the VeriSign root authority. Then Symantec bought VeriSign. So in true Symantec fashion they wanted more marketing power for their premium certificates rather than providing the same abilities and simply marketing under different brands (RapidSSL and Verisign had exact same capabilities/performance but VeriSign was 3X the cost).
When Symantec (RapidSSL is now Symantec) says industry best practices, they mean their best practices since purchasing VeriSign makes them the industry.
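To make the chain discussion in this thread concrete, here is an added Go example (not code from the thread, RapidSSL or any vendor): it builds a constructed root, intermediate and 2048-bit leaf certificate in memory, then validates the leaf the way a browser does, trusting only the root. The CA names and the hostname shop.example are made up for the demonstration.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// Issue signs a 2048-bit RSA certificate for cn with parent; a nil parent gives a self-signed root.
func Issue(cn string, isCA bool, parent *x509.Certificate, pkey *rsa.PrivateKey) (*x509.Certificate, *rsa.PrivateKey) {
	key, _ := rsa.GenerateKey(rand.Reader, 2048) // the "2048-bit" key length the thread mentions
	serial, _ := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 64))
	tmpl := &x509.Certificate{
		SerialNumber:          serial,
		Subject:               pkix.Name{CommonName: cn}, // constructed name
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		BasicConstraintsValid: true, // makes IsCA meaningful to verifiers
		IsCA:                  isCA,
	}
	if isCA {
		tmpl.KeyUsage = x509.KeyUsageCertSign // only CAs may sign other certificates
	} else {
		tmpl.DNSNames = []string{cn} // the hostname a browser matches against
	}
	if parent == nil {
		parent, pkey = tmpl, key // self-signed: the root vouches for itself
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, pkey)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

// ChainLength validates leaf for host against root using only the intermediates the server
// sent (nil: none) and returns the number of certificates in the verified chain.
func ChainLength(leaf *x509.Certificate, host string, root *x509.Certificate, sent *x509.CertPool) (int, error) {
	roots := x509.NewCertPool()
	roots.AddCert(root) // a browser trust store holds roots only, never intermediates
	chains, err := leaf.Verify(x509.VerifyOptions{Roots: roots, Intermediates: sent, DNSName: host})
	if err != nil {
		return 0, err
	}
	return len(chains[0]), nil
}
```

Validation is a signature check along the sent chain, so a leaf under a chained hierarchy verifies fine as long as the server also sends the intermediate; a server that omits it fails validation even though its CA is trusted.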