I've used/using $49 GeoTrust SSL certificates from ev1servers.net (formerly rackshack)and never had a bit of problems. I doubt that the Godaddy's are much different :)

The thing to look for is who is actually issuing the certificate - the certification authority.

When a browser goes to a SSL'd page, the browser decides whether to trust it based on who the SSL certificate was issued by. It looks at a list that was installed with the browser of "trusted root certification authorities".

Most SSL certs are sold by companies like GeoTrust or VeriSign that are already in your browser this way. Or sold by companies that own a trusted root, like FreeSSL is a subsidiary of GeoTrust.

Other companies, like Comodo, do not own their own root and have to rely on a company that does, which issues the certificates which the company then sells. This is called "chained SSL", and can be much cheaper, like $20. FreeSSL is chained SSL too, but FreeSSL is owned by GeoTrust so that's not risky like Comodo's, which is owned by a different company, BeTrusted.

The encryption is the same in any case, you can write your own certificate and it would work, it just wouldn't be recognized by any browser.

So it's basically a matter of what percentage of browsers trust that certificate. GeoTrust, Verisign, they're at 99%. Chained SSL will usually come in around 96%.

So in this case, GoDaddy seems to be selling Starfield certificates, which looks like it is a chained back to ValiCert. According to some recent news articles which you can search for, Starfield is a subsidiary of GoDaddy, bought an 'unused root certificate' from ValiCert Inc and recently began offering certificates. So I guess they own their own root now too.

But for the same price to get a GeoTrust certificate...it's up to you but GeoTrust is a big name and their root is Equifax which is known by many people both in the online world and offline.

Of course, to most people, they just want that little lock to be closed and not have any notices popping up so maybe it really doesn't matter that much.

Feel free to correct anything, I just recently did research on this and it's still kind of confusing.

You're quite right 'shinyblue' we(our clients) only want the little lock showing - but honestly, I'd like to know a whisker more about this whole topic.
I admit it - I don't understand what it is all about.
Is it about tightening up the 'inter-server' communications? Is that all it's about?
Can anyone point me to a laymans treatise on this Security Certificate stuff? Is it really such a big deal?

My major concern is that GEO Trust in not supported by Opera.

[edited by: rogerd at 12:59 am (utc) on Sep. 5, 2004]
[edit reason] No URLs please... [/edit]

I have started using the instant ssl certs. Really, other than generating a security warning because of an untrusted root... there is no real advantage of any of these commercial certs over one you can generate yourself for free. Just try convincing Joe Surfer of that though. So, that being said get the cheapest 128 bit cert that will not trigger a browser error message. Almost nobody clicks on the certs to look at them... and if they did Joe Surfer wouldn't know one from amother anyway. <typo>

Yes, I just bought an SSL Cert from Godaddy's Starfield Tech. GoDaddy's service is excellent. I used Starfield for that reason. Make sure you read their FAQ's on their web site in detail. You will need a Intermediate Certificate installed with the SSL Cert. I was not knowledgeable enough to even know what a Intermediate Certifcate was, nor would I have thought to ask about it. That is an advantage of Thawte and Verisign...browsers recognize them and for non-techies like me, it may be better to pay more and save myself from a very expensive learning curve. But the price is more too with these two. Though both are easily to get ahold of even at 6am. Thawte.com has a great tech chat system. While Godaddy is great at support, their younger offshoot Starfieldtech.com (SSL CA) takes a long time to get on the phone. Long hold times. But when you do get them, they are friendly and knowledgeable. I could not always get a good answer though and the answer was "Intermediate Certificate". Took me a long time to get that. Anyway, my SSL Cert shows Security ALERT! (scared my mother she shut down her system thinking she had a virus), because the Intermediate Cert needs to be applied to "tie" Starfield to or as some say "chained back to ValiCert (which godaddy bought)". XP and very new Explorer Browsers (at work) will automatically put in a Intermediate Cert, but many many browsers even Explorer 6.0 (I am home and using Win98 with Exp 6) will not.

So now I have sent my hosting company the instructions for installing the Intermediate Cert. It may be nothing for many of you, but it was new to me and my hosting company did not seem all that familiar with it. So that is where I am right now.

Been a bit frustrating for a non-technical webmaster like myself, but maybe it is just an easy thing that communication (or the lack thereof) made complicated. An Intermediate Certificate is required and READ about it on their site.

One last thing. I was pretty frustrated waiting for help and could not seem to get the help to solve my problem. Though today their Manager called (after I expressed my frustration) and he seemed bright and I believe committed to service, and he explained much of the above. He responded like a champ. I'll stick with them for that. I spoke with another rep their who really knows her stuff and she helped more. Starfield will be a leader no doubt. And when Explorer 6 is obsolete, so will this problem be. Until then, if you can install Intermediate Certificates or you have someone to do it, then its a great deal.

Regards,

JocknoTech

[edited by: rogerd at 1:03 am (utc) on Sep. 5, 2004]
[edit reason] No URLs please... [/edit]