Welcome to WebmasterWorld Guest from 107.23.176.162

Forum Moderators: buckworks

Message Too Old, No Replies

SSL certificate providers again

Browser ubiquity, price, trust, and the balance of the 3

     
5:31 am on Jun 27, 2003 (gmt 0)

Preferred Member

10+ Year Member

joined:Sept 13, 2002
posts:518
votes: 0


I am about to purchase an SSL certificate for a new site I am launching and I find myself waffling amongst 3 choices, Thawte, Geotrust, and Instantssl. I am excluding Verisign from the get go for the simple reason that they are expensive pirates ($$$), and that I do not believe in their business practices as a whole.

Between the 3 mentioned, there are 3 factors to weigh: browser ubiquity, price, and trust.

My first preference is Geotrust which you can buy through Rackshack for $49, but they do not have a root CA on IE 5.0 and below. This will cause a popup up that may turn off Joe Internet. My regular job is running numbers for a major US website, and last week 5% of browsers on that site were IE 5.0 and below. Another $150 bucks to not lose 5% of sales, justifies the cost.

Then there is Thawte. They have a 99% ubiquity, but are $199 for the certificate I need. Also they are owned by Verisign. They are as trusted if not more than GeoTrust, but are $150 more expensive.

That makes me want to try Instantssl. They are $49, and have the same browser ubiquity as Thawte. I realize they are a chained cert, but I think Joe Internet just wants to see the little lock on his browser. The question is do I want to save $150, and risk a company I wonder a bit about.

Can I get a round of feedback from the room on this? Has anyone tried Geotrust and found that the IE 5.0 issue turns off potential sales? Has anyone changed certs because of this?

Is Thawe worth an extra $150 over Instantssl or any of the other chained companies that rely on Baltimore Technology's root CA?

5:38 am on June 27, 2003 (gmt 0)

Preferred Member

10+ Year Member

joined:Jan 11, 2003
posts:442
votes: 0


Geotrust certs always make my versions of Opera (5.x & 6.x on Linux) pop up a warning about them not being signed by recognized signing authority.

Not that this bothers me much, but it may be an issue for other Opera users.

4:50 am on June 28, 2003 (gmt 0)

Junior Member

10+ Year Member

joined:June 6, 2003
posts:162
votes: 0


I trusted Thawte for the same reason, owned by Verisign. Stupid mistake on my part. After waiting a month and a half and dealing with terrible customer service, I finally asked for a refund and got a certificate from Entrust in less time and *much* less hassle.
Even after that, Thawte told me TWICE that they were refunding my money. After they had held onto it for longer than 3 months, and my having contacted customer service numerous times, I finally had to get a chargeback from the credit card company!

Entrust didn't even charge my card until after they had finished the processing. Their certificates got the same warning as Geotrust's in Opera. I was worried about that at first too, until it was pointed out to me that anyone using Opera probably had some basic understanding about certificates and the meaning of the warning. Such users are much less likely than the typical IE user to get turned off by such a notice.

4:09 pm on June 28, 2003 (gmt 0)

Junior Member

10+ Year Member

joined:Oct 8, 2002
posts:151
votes: 0


I've used InstantSSL from Comodo, and it's worked smoothly for me. No complaints about browser issues and I was able to get it set up quickly as well.
1:17 am on June 29, 2003 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member lorax is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Mar 31, 2002
posts:7577
votes: 4


Sorry to hear about your experience with Thawte. I've dealt with them for years and never had a problem.

The choice of a Cert supplier isn't that important to the consumer as it should be. Some folks, like us, are more likely to check up on who issued the Cert but I confess I rarely check. Primarily because I tend to stay with the same online vendors and I've already checked them out.

But, that being said, reputation does count for something - primarily in the customer service end - as in you are the customer. Like I said, I have never had a problem with Thawte but I've never had to use thier customer support either. There have been other threads on this subject so I suggest you do a search and do some reading. I know we've discussed several other companies, pros/cons, etc...

3:33 am on July 7, 2003 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Sept 12, 2002
posts:885
votes: 0


Personally, I don't check certificate signers because I don't trust any of them anyway. As far as I'm concerned, the lock just means that if there's an attacker, they're sophisticated enough to run a man-in-the-middle attack.

However, I recently bought a Geotrust certificate just to make the dialog boxes go away in most browsers. (My users decided they wanted one, so I got it for them.) The experience was pretty seamless - just make sure that your WHOIS data is correct before you buy, because they do use the contact phone number there to verify that you are in fact authorized to request the certificate.

1:20 pm on July 7, 2003 (gmt 0)

Preferred Member

10+ Year Member

joined:Sept 7, 2001
posts:608
votes: 0


I had some terrible problems with Thawte's customer service.

We switched everything to comodo. Setup was easy and quick and we haven't had any browser issues.

7:36 pm on July 7, 2003 (gmt 0)

Preferred Member

10+ Year Member

joined:Sept 13, 2002
posts:518
votes: 0


I ended up going with Comodo's Instantssl. In the end it was ubiquity and price winning out over name especially when the user just wants to see the little lock and not any of the details behind it.
2:08 pm on July 14, 2003 (gmt 0)

Junior Member

10+ Year Member

joined:Mar 18, 2001
posts:77
votes: 0


Instantssl sounds good but is not supported by IE4.
I still have quite a few IE4 visitors.
Does anyone know of a script there will show a message or a popup for specific browser types?

I would like to inform IE4 visitors before they get the IE warning.

9:06 pm on July 15, 2003 (gmt 0)

New User

10+ Year Member

joined:Mar 24, 2003
posts:38
votes: 0


Why not just add the text to your checkout page

"We want our users internet shopping experience to be as pleasant and secure as possible. Therefore we recommend that all our customers use the latest version of their browser of choice to ensure compatibility with the latest security and design features."

or you could check browser levels on the main page with a redirect for low end users to an individuated upgrade education page with links to the update for their browser...

<script language="JavaScript">
<!--
var browser=navigator.appName;
var version=navigator.appVersion;

function loadPage() {

if (browser.indexOf("Netscape") >= 0) {

if (version.indexOf("3.") >= 0) {
window.location="ns3upgradeit.html";
}
if (version.indexOf("4.") >= 0) {
window.location="ns4upgradeit.html";
}
if (version.indexOf("5.") >= 0) {
window.location="ns5upgradeit.html";
}
if (version.indexOf("6.") >= 0) {
window.location="ns6upgradeit.html";
}
if (version.indexOf("7.") >= 0) {
window.location="homepage.html";
}
}

if (browser.indexOf("Microsoft") >= 0) {

if (version.indexOf("3.") >= 0) {
window.location="ie3upgradeit.html";
}
if (version.indexOf("4.") >= 0) {
window.location="ie4upgradeit.html";
}
if (version.indexOf("5.") >= 0) {
window.location="ie5upgradeit.html";
}
if (version.indexOf("6.") >= 0) {
window.location="homepage.html";
} }
}
//-->
</script>

or you could use...

<SCRIPT language="JavaScript">
<!--
browserName=navigator.appName;
browserVer=parseInt(navigator.appVersion);

if ((browserName=="Netscape" && browserVer>=6) ¦¦ (browserName=="Microsoft Internet Explorer" && browserVer>=6))
version="ver6";
else
version="other";

/* Version 6 browser URL */
if (version=="ver6")
window.location="http://yoursite.com/homepage.html";

/* Other browsers URL */
else
window.location="http://yoursite.com/updatethatoldcrap.html";

//-->
</SCRIPT>

I'm sure you can come up with a good explaination about how you care about the security of your customers info and why you recommend they upgrade to put on each page.. you could even come up with a list of vulnerabilities for each of them fairly easily...

gee, I guess I should do that with my site too eh? may as well, half way there already.. and more content for Google to love (you should put hardlinks to the various pages in the body of the entry pages for non-javascript browsers, which of course would eventually be followed, if allowed, and indexed.....

Showing that you care about your customers is never a bad thing as far as I'm concerned..