where do I buy a SSL certificate?

Hi

I've got at website that needs to run https and I understand you need to
purchase an SSL certificate to do so. But what is a fair price and does
it matter from who I buy and what I buy?

My site is located in .dk and the only reason for the https is, I have
som images that is included in a webshop (running https) on another
website (fortunately I don't have to install the certificate myself, the
company hosting my site does that).

rapidssl.com has a certificate which seems okay to me - one year $69
(https://www.rapidssl.com/ssl-certifi...-rapidssl.htm).
Should I go for that ?


Thanx

Ask

Ask Josephsen

Ask Josephsen wrote:
> Hi
>
> I've got at website that needs to run https and I understand you need to
> purchase an SSL certificate to do so. But what is a fair price and does
> it matter from who I buy and what I buy?

You'd better take care that the issuer's cert is already shipped with
most webbrowsers.

The bigger problem is that every such CA is a scumbag, especially the
cheaper ones.

> rapidssl.com has a certificate which seems okay to me - one year $69
> (https://www.rapidssl.com/ssl-certifi...-rapidssl.htm).
> Should I go for that ?

This one's not.

Sebastian Gottschalk

You can create your own self-signed certificate, it will give your user
a warning about it, but works just the same http://www.verisign.com is
probably the biggest seller of certs, very trusted

Journeyman

Journeyman wrote:
> You can create your own self-signed certificate, it will give your user
> a warning about it, but works just the same http://www.verisign.com is
> probably the biggest seller of certs, very trusted

I'd trust a random self-signer more than VeriSign. I just remember some
anonymous guy anonymously phoning VeriSign and they gave him a signature
for a cert with CN=Microsoft Corporation.

Sebastian Gottschalk

hi,

have a look at http://www.cacert.org
they offer certs for free but the root cert is (not yet) included in most
browsers

jewo

jewo

Ask Josephsen wrote:
> Hi
>
> I've got at website that needs to run https and I understand you need to
> purchase an SSL certificate to do so. But what is a fair price and does
> it matter from who I buy and what I buy?
>
> My site is located in .dk and the only reason for the https is, I have
> som images that is included in a webshop (running https) on another
> website (fortunately I don't have to install the certificate myself, the
> company hosting my site does that).
>
> rapidssl.com has a certificate which seems okay to me - one year $69
> (https://www.rapidssl.com/ssl-certifi...-rapidssl.htm).
> Should I go for that ?
>
>
> Thanx
>
> Ask

https://www.thawte.com/ssl-digital-c...ssl/index.html

unixsphere

unixsphere wrote:

> https://www.thawte.com/ssl-digital-c...ssl/index.html

Yeah, the guys who're sending you an encrypted cert and the password in
cleartext.

Sebastian Gottschalk

Ask Josephsen <ask_rem@rem_minreklame.dk> writes:
> I've got at website that needs to run https and I understand you
> need to purchase an SSL certificate to do so. But what is a fair
> price and does it matter from who I buy and what I buy?

it is also possible to generate your own self-signed SSL certificate
and have clients that need to access your site ... validate the
certificate via some out-of-band process.

i regularly access some number of https sites with self-signed
certificates ... where my browser initially complains it is signed by
an unknown certification authority (itself) and gives me an
opportunity to view it, accept it for the current session, and/or load
it for long term acceptance (basically into the same repository that
contains the certification authority self-signed digital certificates
that were loaded as part of building the browsers).

if you really want to buy one ... go to the security menu in the
browsers (that will be typically used by your clients) and do a list
of the currently loaded self-signed digital certificates ... this will
give you an indication of which certification authorities that the
browsers are currntly configured to automatically accept.

numerous collected past postings mentioning ssl and ssl digital
certificates
http://www.garlic.com/~lynn/subpubkey.html#sslcert

--
Anne & Lynn Wheeler | http://www.garlic.com/~lynn/

Anne & Lynn Wheeler

Ask Josephsen <ask_rem@rem_minreklame.dk> writes:
> I've got at website that needs to run https and I understand you
> need to purchase an SSL certificate to do so. But what is a fair
> price and does it matter from who I buy and what I buy?

it is also possible to generate your own self-signed SSL certificate
and have clients that need to access your site ... validate the
certificate via some out-of-band process.

i regularly access some number of https sites with self-signed
certificates ... where my browser initially complains it is signed by
an unknown certification authority (itself) and gives me an
opportunity to view it, accept it for the current session, and/or load
it for long term acceptance (basically into the same repository that
contains the certification authority self-signed digital certificates
that were loaded as part of building the browsers).

if you really want to buy one ... go to the security menu in the
browsers (that will be typically used by your clients) and do a list
of the currently loaded self-signed digital certificates ... this will
give you an indication of which certification authorities that the
browsers are currntly configured to automatically accept.

numerous collected past postings mentioning ssl and ssl digital
certificates
http://www.garlic.com/~lynn/subpubkey.html#sslcert

--
Anne & Lynn Wheeler | http://www.garlic.com/~lynn/

Anne & Lynn Wheeler

Anne & Lynn Wheeler <> writes:
> i regularly access some number of https sites with self-signed
> certificates ... where my browser initially complains it is signed by
> an unknown certification authority (itself) and gives me an
> opportunity to view it, accept it for the current session, and/or load
> it for long term acceptance (basically into the same repository that
> contains the certification authority self-signed digital certificates
> that were loaded as part of building the browsers).

the real major difference between a self-signed digital certificate
that you generate ... and a self-signed digital certificate generated
by some certification authority ... it that the certificate
authorities have convinced the browser vendors (typically by paying
them) to preload their digital certificates into the browser's digital
certificate repository when the browser is built.

however, it is straight-forward operation for clients to do
post-install administrative operations on their browser's digital
certificate repository (adding and/or deleting digital certificates).

--
Anne & Lynn Wheeler | http://www.garlic.com/~lynn/

Anne & Lynn Wheeler