Ask HN: Which SSL Cert to Buy?
For past projects, I've always used GeoTrust, because of their combination of price and browser acceptance.
Today I noticed that GoDaddy, Entrust.net, and instantssl are all cheaper.
Does anyone have any experience with those three?
I.e., is there any reason I shouldn't just use a $30 per year SSL cert from GoDaddy?
23 comments
[ 2.7 ms ] story [ 64.8 ms ] threadNot sure if that helps you any.
I don't understand the chaining issue described, but I can research that a bit more.
It makes sense there's some sort of catch with GoDaddy, since their certs are orders of magnitude cheaper than the others (everyone else is $150+ per year).
All you really need to know is what the root CA is, because some certs (even expensive ones like Thawte's EV) are signed by newer CAs that aren't present in older browsers, mobile devices, etc. Also extra "features" like > 1024 bit keys often cost more.
I see that they resell GeoTrust at $47/year (which is a nice discount from the $250/year I'd been expecting to pay), but what's the difference between that and their own $9/year certs?
Also, startssl's founder is the best ambassador - send a help request, and he'll answer in no time.
Single root certificates are a better option and the RapidSSL certificate that NameCheap is selling for $10 is single root and run and signed by the same people as GeoTrust. Do go with a single root as it makes life easier.
When the whois protection service is provided by the registrar you used to register the domain, how is that third party ownership? They already have a lot of control over the domain.
I don't know about ICANN rules on the matter, however I think they would have pressured registrars to stop offering such services, if that was the case.
If you have further information/links on the subject, please elaborate.
TL;DR: you can do it, but understand the risks you are taking. The whois record is the authoritative record of domain ownership, if your name (or company name) isn't on it, then if there is a dispute, you lose.
I can tell you for a fact that I receive a lot less email spam at the email address I use for whois, because Namecheap changes the address (which forwards to mine) listed every other day. Also I don't get any snail mail junk, although this was never a big issue.
Crazy! I'm glad I asked here first.
http://www.google.com/search?q=godaddy+ssl
Weird surprise, Android does NOT support SAN. DigiCert gave us a root cert for free with our wildcard.
I would recommend you do your homework by checking out GeoTrust (here is a kb article from them http://bit.ly/9HMsqp) - If you are unsure, call them. If anyone has worked with ActiveSync and mobile devices perhaps you can remind me of some of the other issues.
GoDaddy uses an intermediate certificate which means you need to install, not just your cert, but also all of the certs back to the root. It's a minor annoyance, except for the fact that they don't tell you about it until after you buy the cert.
https://www.servertastic.com/rapidssl/ look similar.