I've just been looking at the 3 SSL certificate vendors you recommed and find myself a little confused. Firstly, the prices are wildly varying from $69 to thousands of dollars. How then does one differentiate between them? Does one assume that the most expensive is the best (and way out my reach)? On the other hand RapidSLL offer a $199 wild-card certificate. Given that I have not yet decided on the layout or which, if any, sub-domains to use would the wild-card certificate be a good buy? Pardom my ignorance but, as I said in my last post, I'm a newbie at ecommerce so would appreciate any help on SSL implementation and usage that I can get. It would be used prmarily for the subscription, registration and account pages but I may also want to apply it to some other pages that will transact sensitive data. Thanks.
Thanks for the info: I think I'll spring for the wild card certificate as it appears to give me more options.
Good question. Most SSL certs work the same way (cheap or expensive). The major reason why one is more expensive than others depends on several things 1) Warranty. Expensive Vendors like Verisign offers a warranty. ie. If you can proof that your site is compromise because the cert is broken, you are covered for some amount 2) Validation / Authentication. Traditionally, when a company wants to buy a SSL cert, the SSL vendor is responsible for validating that the applicant is a real company. The application must supply various business documents (Dunn and Bradstreet #, Business license, etc.). This process sort of ensure the end user is dealing w/ a real company when they see that the cert is issued by a trusted provider. Most low end SSL vendor no longer do this type of validation. 3) Single Root or Chained Cert. More expensive certificates are usually Single Root rather change chained. This improves browser compatibility. My recommendation: I think the rapidSSL one is the best deal. If there's any possibility that you will be using a different common name, ie. secure.yourdomain.com or www.yourdomain.com, you should invest in a wild card cert because you cannot change the common name once the cert is created. Bruce DiscountASP.NET www.DiscountASP.NET
