PDA

View Full Version : Need suggestions on selecting a SSL certificate provider.


Thomass
12-05-2008, 06:42 AM
I am getting ready to set up my first e-Commerce project, and I need to do it economically. I want to install a SSL certificate on my website for secure communication. What should I look for while selecting a SSL certificate provider? Which cost effective options are available for my needs?

WebMan
12-05-2008, 10:43 AM
Cheapest (as long as they are one of the major companies) different ones run "sales" and you should be able to get one for about $50 maybe $75. All they really do is prove you are who you say you are so unless you are selling expensive products the cheapest certificate will do. (people expect the more expensive certificates for more expensive products or something like insurance/medical or other very sensitive information) Usually a cert in the $50 range will do fine, not over $100 unless you feel your site warrants it for some reason. The prices are based simplistically speaking on the degree they authority goes through to "check you out". Even with my hosting company I went from the one I've used for years (and sell myself) because Dotster had an equal quality from another company on sale for less than my "wholesale" at the time (about 40% off "retail") for the company whose certs I sell. So basically go for the bargain if you find one. (If you can wait they often do "sales" right after the 1st of the year.) I'll change back if I can't find something similar, you just don't want to get the warning that you don't have one or that the sites son't match "popping up (so be sure to get an SSL for the part your site payment will be on--like if you leave off the "s" when ordering the certificate and do a cert for http://www.yoursite.com it will pop a "no match" warning for most people when your order page starts with https (for secure)

Turboguy
12-05-2008, 02:26 PM
Well the cheapest I have found (free is as cheap as you can get) is http://www.mals-e.com/

I use them and it is not fancy but does fine.

WebMan
12-05-2008, 05:13 PM
Just a note: That's not a very "recognized" provider. Any host can do a free SSL from them but people expect companies like Verisign, Thwate, or similar.

Herry
12-06-2008, 03:17 AM
If customer payments are being processed by a third party provider such as PayPal, you will not need an SSL Certificate. However, if your customer transactions are being processed through e-commerce, an SSL Certificate is a must. Browser compatibility and browser ubiquity are the factors that must be checked together with the encryption needs before selecting a SSL certificate provider. Different certification authorities like RapidSSL, Thawte and others with high browser compatibility and browser ubiquity have great pricing options. Their services can be sought to ensure a secure web connection and increase your e-commerce stability and you could find some good pricing options at SSL Star (http://www.sslstar.com/Products/Pricing.aspx) for your consideration.

WebMan
12-06-2008, 10:39 PM
True what was said about PayPal, I just assumed you wanted a certificate. Like the others the above mentioned is not a widely recognized name, but how much you need a "name" certificate depends on your needed level of "trust".
For example we sell the 1-2-3 type certificates from Thwate for less than the above company and Thawte is a Verisign company, which was the first company worldwide to start offering digital certificates. (and the 1-2-3 type are the lest expensive=lowest verification procedure but adequate for most uses (makes th addreess bar turn green :)
So IF you do really need one, shop around. The "name" certificates are no more expensive then the "unknowns" if it matters. Like everything else about hosting it's a terribly competitive market.

IF you DO need one make sure your host will install it for you if you do not have a place to install SSL certificates on your own domain. (we could let customers do it but found it's easier to do it for them (of course we can only do that for our customers) but they usually mess it up and we end up with a support request anyway so it's usually easier just to do it for them ;)

I also just noticed you mentioned communication, not payment. For secure communication like schedules or names & adresses & other "generally private" information you can just use a free certificate from your host... it's with credit cards when you start needing better certificates & such.

Turboguy
12-07-2008, 07:06 AM
Personally I think the scale of someones plans comes into play in this decision as well. If someone expects to be the next Amazon they should go a first class set up and make sure they have top notch security on the online order cart.

If someone wants to offer an online shopping cart but doesn't expect it the be hundreds of orders a day then something like mals is a good way to add that feature with no cost. I have used mals for several years. I have never heard of a security issue with them. It is easy to use. I haven't paid them a penny. I have never had a customer complaint about the online cart we use through mals.

For us we sell millions of dollars of product but most who are buying things like we sell they prefer to do it on the phone. Online orders for me may be 4-6 per average day in season. This time of year we may not see one a week.