Do consumers care about the certificate authority?

Forum Moderators: phranque

Message Too Old, No Replies

Do consumers care about the certificate authority?

Any advantage of Verisign over Thwarte over Equifax

lgn

2:58 pm on Apr 27, 2003 (gmt 0)

We are currently using Thwarte as our SSL certificate authority, and are wondering if consumers are really woried about who is providing the CA, Verisign, Thwarte or Equifax.

In other words, will using a non Verisign CA result in loss web sales.

One thing we are doing, is using the Verisign logo on most of our website, but on the order page we use the thwarte logo (with Thwarte, A verisign company).

After all, Verisign bought out Thwarte, so Thwarte is indeed a verisign company. So we are covered there.

Equifax is even cheaper, and we are considering switching, if the consummer only cares about that little lock box on the web page, and not who provides the lock box.

txbakers

5:01 pm on Apr 27, 2003 (gmt 0)

I think the consumer won't know or care about the difference. Verisign has a good reputation among web builders, but I don't think users give a whit.

lorax

7:13 pm on Apr 27, 2003 (gmt 0)

I'm not sure I agree. I know that some consumers, most of the mom & pop buyers and the average bloke probably don't care or don't know enough to even ask. But I also know that I'm not the only one who does occassionally check.

I know that if I see a Thawte or Verisign emblem on the website, I will feel more secure. If I see a logo from Bob's Certificate Shop I'm more likely to shop elsewhere.

If I don't see the emblems I don't necessarily go looking for the cert unless I have doubts about the credibility of the vendor. If I shop at Amazon or REI I'm far less likely to ask who does the certification. But if I shop at Joanne's Kink Shop then I am more likely to check that cert and do a bit of homework before I purchase. For me it matters. I'd hazard to guess that I'm in the minority though - less than 1%.

marcs

7:20 pm on Apr 27, 2003 (gmt 0)

Using either a Versign or Thawte cert will probably work OK today.

Years ago, we used a Thawte cert and some people with older browsers didn't recoginize Thawte as a valid signing authority. Getting a Verisign cert instead fixed that situation.

This is probably no longer an issue today for Thawte, however it certainly is for some of the cheap alternatives out there. Make sure to check which browser versions are supported by cert providers and verify it if possible.

dkubb

8:32 pm on Apr 27, 2003 (gmt 0)

I recommended to one of my clients to get a Verisign Cert over anything else, for maximum compatibility with all new browsers, and most ancient ones.

The cost was over $800 for the year for the package they bought. IMHO this is high, but it can be justified by the fact that three or four lost sales over the year would cover the $800 cost. With hundreds of orders each year, its quite likely that we'd recoup the cost.

Does anyone know if there is a list somewhere that cross references the default CA's for each browser (by version)? This would give us a more objective basis for choosing CA providers.

SEO practioner

11:25 pm on Apr 27, 2003 (gmt 0)

Dkubb, I've been looking for that elusive compatibility list myself for at least 3 years now and sadly, I am still looking.

If ever I find it, I will be glad to sticky you with it. Or you sticky me if you find it before me.

Browser compatibility is of course a big issue in all respects when it comes to SSL and cert's.

SEO