WWW FAQs: Which SSL certificate should I buy?

2006-09-06: To safely accept private information from users online, you need a secure site that speaks the HTTPS protocol. To set up a secure website that the average person's web browser will trust— and by "trust," I mean "display the lock icon without any warning messages"— you will need an SSL certificate. But there are several companies out there offering SSL certificates, at wildly differing prices. Which one is for you?

SSL certificates that most web browsers can accept without grief are sold by a relatively small number of companies. That's because the major web browsers are shipped with a certain set of "root certificate authorities" that they trust... and if your certificate isn't signed by one of those authorities, or by a certificate "chained" from one of them, then you're out of luck— the web browser will display a scary warning to the user or, in some cases, refuse to work with your site at all.

Does your web hosting company offer SSL certificates directly? If so, you should seriously consider it. Some web hosts don't allow you to install your own certificate, and almost all hosts that offer their own certificate deals do the installation for you. It's a nontrivial system administration task, so give their prices some thought. If you're not sure if you are allowed to install your own SSL certificate, ask your host first. You may also have to upgrade your hosting plan to include SSL. If your web hosting plan doesn't say in so many words that it includes SSL or HTTPS... it probably doesn't!

The cost of SSL certificates varies quite a bit, from as little as $20 to as much as $1,000 or more. Why such a big difference? There are four main reasons:

1. Some certificate authorities have been around longer than others, so their certificates work in older browsers. This is by far the most important reason to spend more money.

In 2006, the only place this really matters is on the Macintosh, where Microsoft Internet Explorer does not support some of the newer certificate authorities and encryption standards at all. And since Microsoft has completely dropped support for it, that situation won't change. This means that MacOS 9 users (who are a very small minority today) simply can't access secure sites with certificates signed by certain companies, at least without running Netscape 4.8 (which is less modern than Internet Explorer in other ways). Of course, the number of people in this category grows smaller on a daily basis.

A similar problem exists for users with older releases of MacOS X. Apple now strongly encourages all MacOS X users to use its own Safari browser. However, although users with brand-new Macintoshes only have Safari, not all existing MacOS X users have switched over from Internet Explorer. And versions of Safari found in MacOS prior to 10.3.5 don't recognize the newer certificates either— although the user can at least access the secure site after accepting a warning message.

Unlike the MacOS 9 users, users in this group do have the option of installing Firefox.

Very old Windows 95/98 systems running Internet Explorer versions prior to 5.01 can also, in theory, have trouble with such newer certificates. However these users have, in almost all cases, upgraded to Internet Explorer 5.01 or better. That's because Microsoft Windows Update has aggressively "pushed" that upgrade to existing systems in the field. And, of course, Windows 95/98 users also have the option of using Firefox.

Netscape 4.x users on all systems will have difficulty with newer certificates unless they have Netscape 4.8 or better. Even Netscape 4.8 is quite ancient and it's not unreasonable to tell a user stuck on Netscape 4.7 that if they really want to stick with Netscape 4.x, they can pick up version 4.8 from browser.netscape.com.

2. Some certificates are directly signed by a trusted root certificate, while others are "chained" from another "intermediate" certificate. This isn't really a problem, as long as the company selling you the chained certificate really does own the root certificate. But some webmasters get confused by intermediate certificates, fail to install them correctly, and mistakenly think they have purchased a bad certificate. So chained certificates are usually less expensive to allow for this inconvenience, even though there is no real technical disadvantage.

Chained certificates also have an "image problem": some users worry that the intermediate certificate could be revoked by the owner of the root certificate. That's true, technically speaking. But GoDaddy, the biggest seller of chained certificates, owns its own root certificate as well.
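To show why a forgotten intermediate looks like a "bad certificate" to visitors, here is an added example in Go (not code from the original article): it builds a constructed root, intermediate and server certificate chain, then verifies the server certificate the way a browser that ships with the root but not the intermediate would, first without and then with the intermediate installed. The CA names and the shop.example.com hostname are made up for the demonstration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// mkCert issues a certificate for cn signed by parent (a self-signed root when parent is nil).
func mkCert(cn string, isCA bool, serial int64, parent *x509.Certificate, parentKey ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn}, IsCA: isCA,
		BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign, NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour)}
	if !isCA { // server certificate: name it for the site and mark it for TLS server use
		tmpl.KeyUsage = x509.KeyUsageDigitalSignature
		tmpl.DNSNames = []string{cn}
		tmpl.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
	}
	if parent == nil { // self-signed root: the template signs itself
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, parentKey)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

// Demo builds root -> intermediate -> leaf (constructed names) and verifies the leaf as a browser trusting only the root would.
func Demo() (missingIntermediate, withIntermediate error) {
	root, rootKey := mkCert("Example Root CA", true, 1, nil, nil)
	inter, interKey := mkCert("Example Issuing CA", true, 2, root, rootKey)
	leaf, _ := mkCert("shop.example.com", false, 3, inter, interKey)
	roots, sent := x509.NewCertPool(), x509.NewCertPool() // sent = what the web server hands out
	roots.AddCert(root)
	opts := x509.VerifyOptions{Roots: roots, Intermediates: sent, DNSName: "shop.example.com"}
	_, missingIntermediate = leaf.Verify(opts) // chain file not installed: browser sees an unknown issuer
	sent.AddCert(inter)                        // chain file installed: intermediate accompanies the leaf
	_, withIntermediate = leaf.Verify(opts)
	return
}

func main() {
	fmt.Println(Demo()) // prints the unknown-authority error for the bare leaf, then <nil>
}
```

The first verification fails even though the certificate itself is perfectly good; only the missing intermediate is at fault, which is exactly the confusion the paragraph describes.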

3. Different certificates give different levels of assurance to your website visitors about who you are. Traditional "high-assurance" certificates verify that the secure site belongs to your company, while so-called "domain-only certificates" only promise that the website belongs to the person who controls your domain name. In practice, this is not a major issue for most sites, because website visitors are generally happy as soon as they see the "lock" icon in the lower left corner of the browser window. Very few users look at the details of a secure site's certificate. And those who do will see that the secure site belongs to the legitimate owner of the domain name— and there's nothing confusing or frightening about that.

4. A few certificate authorities, notably Verisign and Thawte (Verisign's lower-cost subsidiary), offer "server-gated cryptography" certificates which claim to provide enhanced security to customers with very old computers (notably Internet Explorer on Macintoshes, Netscape 4.7 and below, and Internet Explorer 4). The idea here is that while these older browsers were limited to lower-quality, "export-grade" 56-bit or 64-bit encryption, SGC allows them to communicate with 128-bit encryption.

Does this matter? For almost all webmasters, no. Breaking 56-bit and 64-bit encryption, though theoretically practical for supercomputers, is far from easy. And users of such ancient computers are not likely to be experts on such an obscure issue. However, very large financial institutions might consider it worthwhile to purchase an SGC certificate, at prices beginning at $600/year. For the largest institutions, the name recognition benefit of SGC may be sufficient justification by itself.

The United States lifted the export restrictions responsible for the 64-bit encryption limit in 2000. Today's modern browsers support 128-bit and 256-bit encryption. Breaking a 128-bit or 256-bit encrypted connection is impractical even for supercomputers. And Microsoft offers a freely downloadable high encryption pack to allow users of very old Microsoft operating systems such as Windows 3.1 to use 128-bit encryption.

So what type of certificate should you buy? And who should you buy it from? It depends on your audience! Here are three common scenarios:

1. If, like most webmasters, your secure site is intended to sell products to the general public, and you have no special interest in serving users with very old computers, you can get by just fine with a chained, domain-only certificate from a newer certificate authority. This will cost you approximately $20/year. But bear in mind that a very small number of MacOS 9 users and a somewhat larger number of users with older versions of MacOS X, along with possibly the occasional Netscape 4.7 holdout on Windows, may complain that your certificate is not valid. You can recommend Firefox to the MacOS X and Windows 95/98 users, but a small number of MacOS 9 users may truly be stuck. To be sure, these users are used to having a tough time accessing modern websites at this point, and usually are not big purchasers of new products and services. In 2006, there are considerably newer computers sitting out on the curb on trash day.

For those in this group, I recommend a TurboSSL domain-only certificate from GoDaddy. These certificates currently cost $19.99/year, the lowest price of which I am aware. My own secure site currently uses a GoDaddy TurboSSL certificate.

2. If you are selling products to the general public, but have a much larger audience than the webmasters in the first group, then the thought of a "small number" of users who can't use newer certificates will be setting off alarm bells for you. That's because you know that, for a site as popular as yours, a "small number" of users will still translate to quite a bit of angry support email. So if you're earning enough revenue that $150 a year seems worthwhile to please these people, then you should get a certificate signed by an older certificate authority. The good news is that you can still use a "domain-only" certificate, which keeps the cost down to about $150.

For those in this group, I recommend an SSL123 domain-only certificate from Thawte. While $149/year is a great deal more money, Thawte's certificate authority has been trusted by web browsers for a longer time. You can expect smooth sailing even with customers who own old Macintoshes.

3. Your organization offers financial services, or requires especially private information from users, such as social security numbers. Users on such sites are more likely to check the detailed certificate information. And when they do, they will be much happier if they see that the certificate belongs to, for instance, "XYZ Banking Corporation, Example, Colorado." For organizations of this type, so much money is involved that even a small number of lost customers can translate to thousands of dollars. For these organizations, a high-assurance certificate from a long-established authority is the right way to go. High-assurance certificates from newer authorities can be had for $75 a year— but confused complaints of an "insecure site," even from a handful of users with older Macintoshes, aren't acceptable to you either. So you'll need a high-assurance certificate from a long-established authority. Such certificates start at around $200 per year.

For most sites in this category, an SSL Web Server Certificate from Thawte will do nicely, at $199 for a single year. For those to whom money is no object and reputation is everything, an SGC-enabled certificate from Verisign is the top of the line at $995/year. While, as I've explained, the benefits of SGC are not breathtaking, this is still the right choice if your organization must project an image of absolutely gold-plated security.

The relevance of SGC is expected to decline rapidly as the older browsers that may benefit from it (already less than 1% of users) switch over to newer computers.

Consider multiple-year deals when buying secure certificates. Scary warnings about expired certificates are not something you want your users to see, not even for a day. And most authorities offer significant price breaks for multiple years.

Legal Note: yes, you may use sample HTML, Javascript, PHP and other code presented above in your own projects. You may not reproduce large portions of the text of the article without our express permission.