Ya, it's a joke. After a few years of $250 certs from GeoTrust, I discover GoDaddy's 5-sites-for-$80.

They haven't been added to my server yet, so I can't say anything else about them yet. I guess the lack of the nice geotrust seal will be different, but I think that is okay for my customers.

But wait, mine are GeoTrust. There is a self-serve wholesale division.

interesting!

I have no affiliation but the wholesale portion is RapidSSLOnline. I brought this up because we had an SSL emergency today and had to renew one quickly. All in a matter of 10 minutes. That's fast! And, from this point forward, all will be 5 year renewals!

The main reason we do it (although I'm not sure we will continue to after this year) is for all the non-tech savy consumers that use our site. You're (well, I guess *you* aren't anymore :) ) paying for the brand name/recognition. We have a lot of non-U.S. customers, and the VS brand is much more well-known and trusted overseas than others. (At least that's the assumption we've been going on up to now...)

Chances are that I might have finally made the switch this year to GoDaddy's, but I still can't get over the fact that it looks extremely cheesey and unprofessional compared to the VS seal.

It's a hard choice between going with a seal that screams "cheapo" or one that screams "idiot for wasting so much money!" :)

For next year, we will probably buy a cheapo GoDaddy one a few months before the current one expires and try some A/B testing to see if it really makes any difference (we just didn't have the time this year to do any testing before the expiration).

Previously the main reason to use expensive VeriSign ones was much better browser support, however these days browsers are released and updated more often so, the smaller companies that before had to compete on price now suddenly look like a no-brainer option. Will be buying SSL tomorrow myself and no way I will ever pay VeriSign like fees...

The whole SSL thing is a scam worse than domain name business - there should have been a non-profit that would charge strictly enough to break even for this fairly straightforward service, it's not like they invested time and money to invest public key cryptography, all this was done way before them.

I use RapidSSL too. Quick and Easy.
Shows as "EquiFax Secure, Inc." and EquiFax is just as well known in the US as VeriSign, maybe more due to their Credit Rating business.

I didn't like their seals (the appearance) so I just made my own "seal" in PhotoShop and linked it to our Security Notice/FAQ page.

I didn't like their seals (the appearance) so I just made my own "seal" in PhotoShop and linked it to our Security Notice/FAQ page.

Brilliant!

I guess I'm being "outed" on this one. I felt the same way . . . . and previous posts here slam-dunked me into silence. :-)

It's my understanding that the more expensive certs are more "trusted" by both the browsers and end users. In the case of browsers, if the browser doesn't recognize the certificate authority, this could mean the user may be prompted to install the cert or get a warning they don't understand. This is probably the best argument for expensive well known certs.

I went with this explanation because well . . . I don't know everything (and less every day, it seems.) A goDaddy cert provides the same 256 bit encryption as more expensive ones . . . so the physical security is no less. (Right?) User gets the lock icon. All good, right?

I kinda like the goDaddy seal, not because of it's design but because it actually connects to the authority site and displays real data about the domain. Not that anyone really notices. :-)

A few previous discussions:

Need an SSL Cert - Cheap [webmasterworld.com]

Extended Validation SSL Certificates: Are they Worth it? [webmasterworld.com]

How Much Should an SSL Cert Cost [webmasterworld.com]? wsmeyer makes a good point here, but is it accurate?

SSL Providers Again [webmasterworld.com] This one demonstrates the danger of the cert not being recognized by the browser. It's from 2003, and one poster even had trouble with a geoTrust cert.

I myself use Comodo EV for 325 a month. I will admit it was a pain to get but now I know the company researches and makes sure your a legit company before they issue you certificate. Seal as well connects to Show company data and insured amount.

It is crazy to pay 1200 a year for a certificate plan crazy. I may have made a mistake on the 325 a year and most likely would have been just as well off with the 99 a year certificate.

I kinda like the goDaddy seal, not because of it's design but because it actually connects to the authority site and displays real data about the domain. Not that anyone really notices.

GeoTrust have that option too. As long as that third party server is serving 24/7/366 all is fine.

I will admit it was a pain to get but now I know the company researches and makes sure your a legit company before they issue you certificate. Seal as well connects to Show company data and insured amount.

But is all this really having that much of an impact on the consumer? I've been purchasing online since the early 90s. I don't think I've once investigated someone's SSL, not once, or at least not from a consumer buying standpoint.

Its all a bunch of marketing hype if you ask me. How many freakin' consumers know what an SSL is? Huh? Maybe a few. Most are just looking for the https connection. And then, many are going to be looking at the site itself. We'll assume that the website the visitor is on establishes a feeling of trust just because of its look and feel, layout, endorsements, etc.

I get worried when I visit a site that has "too much" in your face security stuff, I really do. And, as a Webmaster, I'd be real concerned about painting targets on my ecommerce platform like that. You know, all that Hacker Safe stuff, the flashing green icons, etc. What is that crap anyway?

For the high traffic ecommerce site, go right ahead and pay the $. For a small to medium size site, I really don't think it is worth it. Can someone convince me otherwise?

Hmmm, I say, even for a high traffic site . . . why pay so much? If it's high traffic, you don't have a problem with user trust, so the only real issue is functionality. Can anyone demonstrate some physical increase in security? A better algo? Anything? If the encryption depth is the same, isn't it the same thing?

I've had an online store for 5 years and never got around to installing an SSL cert. Our payments are processed by WorldPay so that is all secure. I know we should have an SSL for the checkout process, and I am currently looking into it. However in 5 years and with around 20,000 orders, I've had 3 or 4 people email to enquire about the security (or lack of). Of course there may be many who just didn't order without contacting us, but it is interesting how little impact its had.

Of course there may be many who just didn't order without contacting us, but it is interesting how little impact its had.

You really don't know what kind of impact it had or do you have the stats on the cart.
If ya had the SS could it not have been 40,000 orders truth is you really don't know and with the ever widing knowledge of the internet user I would suspect it is more of an issue than you think.

bwnbwn,

325/mo? Personally I don't know what kind of % it affects the cart in either. Have you done any research that can point us in the right direction for such a hefty certificate? I've been on the net for a few years, so I do know a little more in accepting/declining certificates(I hope). That just seems really steep. Unless are your products particularly unique and/or expensive?

You say you know that they do research. I can say I don't click on any of those seals though, because I feel they're useless. If someone wants to I figure it's not hard to bootleg a logo.

Mine is 325.00 a year and I agree with you completely at 325.00 a month that is crazy and to me unacceptable.

I can get a certificate for 99 or less a year but I chose to go with the teir 1 and green bar.

Ahkamden about 4 years ago maybe 5 my cart was unsecure except for the input of the CC numbers and I had then many customers complain about putting in personal information in an unsecure cart. Since then I have been secure in all parts of the cart.

I can't give you any numbers due to the fact it was so long ago but I do know this I wouldn't operate a ecommerce in today's enviorment without a Secure Certificate.

This is my opinion only and I would do some research to see if there are any numbers out there to help ya out on making a decision.

I have purchased about 5 godaddy certs over the last 2 years. They work great and we haven't lost a single sale (that I've known about) because of using them. I think 99% of people that purchase on our site have very little knowledge what the certificate even does. Our checkout process is secure and our identity is legit.

As a web developer I know what a cert does/cost so when I see the verisign badge I think to myself, "ouch, that was expensive".

Our payments are processed by WorldPay so that is all secure.

TimmyMagic, if you're using WorldPay (or any other 3rd party payment processor) why on earth would you need ssl for your pages? What am I missing?
I thought the secure pages were only for transmission of the vital credit card details - who cares about the shopping cart data?

who cares about the shopping cart data?

It gives extra confidence to consumers if it is all secure - SSL certificates can be had cheap these days so it seems to be a no brainer to secure the whole process from start to finish - don't forget that users would most likely need to login to view invoices etc, this really should be just as secure as credit card data.

don't forget that users would most likely need to login to view invoices etc, this really should be just as secure as credit card data.

I agree! As soon as that person has to enter their name or email address, they should be at an https connection, or at least I think so and one other above. ;)

Also, once you have the cart sitting behind https, then you block all https via robots.txt and be done with it!

When it comes to SSL: You should use it to protect your customers data.

Forget however about any effects on sales. There are no SSL certificats more trustworthy than others to your customer because your customer does not even now what SSL is. Most customers do not even know SSL exists. And even if they know, the moment they buy they are to much occupied with comparing prices and other things concerning the purchase to bother.

I know what an SSL certificate is, I know the various providers and I can't recall a single time I even thought about SSL when making one of the dozens, probably more than a hundred purchases on the internet in the last years.

There are no SSL certificats more trustworthy

If there is a user-prompt for untrusted authority that signed that SSL then it is a BIG problem trust wise in most cases, however there seems to be no big difference trust-wise in terms of a range of SSL signed by different companies - as long as they are recognised by default in most browsers you should be okay.

if you're using WorldPay (or any other 3rd party payment processor) why on earth would you need ssl for your pages?

Among others, my #1: it allows you to do a silent post to process the CC info. A silent post is only accepted from an SSL connection. You connect back-end using curl or some other post method, pass the data to the processor, and never have to store it on your site.

Customers never leave your site. +1 for customer trust.

May or may not apply to WorldPay, but does for every other processor I've worked with.

Can someone clear something for me, once you purchase and install the SSL certification, does it actually communicate with any server or anything?

i.e. good going with a $14 certificate mean potential downtime versus going with geotrust themselves?

>> communicate with any server

[verisign.com...]

The Encryption

When a Web browser points to a secured domain, a Secure Sockets Layer handshake authenticates the server (Web site) and the client (Web browser). An encryption method is established with a unique session key and secure transmission can begin.

The Authentication

When the SSL handshake occurs, the browser requires authentication information from the server.

The authentication is the digital certificate that you install.

So no, there is no communication other than that between the web server and the client computer.

Thanks bwnbwn

By you I can see some good seals option to boost my customers.

Now my website is up and I am using my payment gateway as Paypal. I know there is no need of SSL now as paypal will take care of it. But to create trust in customers mind I have to sign up for a SSL.

I have now some options:
Comodo: Instant SSL, comes with Trustlogo
Trust Guard: Multi package seals
Rate point
Truste
Safe Buy

My budget is also less then $500.
Uptil now I was deciding InstantSSL from Comodo so that customers can see SSL from a good company and then Trust Guard Seals. But now I am confused. As I can see some good options too.

So please guide me what seals to finalize and why? So that customers can trust my website and purchase items from it.

Or if you have any good option then tell me please. I will be thankful to you.

go daddy is having a special on their ssl for 14.95

GoDaddy is just fine for the job.

I've been developing the last 15 years on the web... and started to use the GoDaddy SSL certificates... 2 years ago.

Finally saving a lot... after forking out a lot...

Really if you prefer the logo of some other certificates (that may happen too), you'll basically have to pay much more.

But I repeat, in terms of functionnalities, they are JUST the same.