
SSL Certificates: Can you compare them like for like?

by Richard Wilson, Senior Developer

 Posted on January 03, 2013

With ever-increasing threats to data security and growing demand for eCommerce functionality, we have been discussing how to choose an appropriate SSL certificate for your website. Prices start from £45 per year and range up to £1,000+ for seemingly the same product. So why the difference in cost, and do you get what you pay for?

SSL (Secure Sockets Layer) is a cryptographic protocol that secures transactions and data transfers over the internet. Almost all internet software, including web browsers, web servers, email clients and VPN clients, supports SSL encryption out of the box. However, a certificate is required before SSL can be enabled. This is because the certificate contains the public key that identifies the server, a critical part of the process. The certificate also contains what is called the “subject”, which holds the identity of the certificate owner (organisation name and location). The most important property of an SSL certificate is that it is digitally signed by a trusted authority. Why is that? Well, anyone can create their own certificate in a matter of seconds. Just like making your own driver’s license, doing so doesn't do much to prove your identity.

If you can be sure that the driver’s license you are looking at was created by your government, you can trust that it accurately identifies the person it was issued to. Your web browser contains a list of organisations called Certificate Authorities that are automatically trusted, just as your government would be trusted to create driver’s licenses. This means that a Certificate Authority (e.g. GeoTrust, GoDaddy, Symantec, Thawte, etc.) can issue an SSL certificate identifying your organisation, and the certificate will be trusted by nearly all the computers in the world because they all trust the Certificate Authority by default. It also makes it very difficult for an attacker to set up a phishing site to phish your visitors, because a Certificate Authority won’t issue them a certificate for your website. Using an SSL certificate from a trusted authority allows you to be authenticated, gain your customers’ trust and protect your site against phishing.

So we now know we need an SSL certificate, but which one should we use? Good question. The first few questions to ask would be:
A) How many domain names do you need to secure? (One domain name, one domain with multiple sub-domains covered by a wildcard, or multiple domains)
B) How important is gaining your customers' trust? (This might include features such as a green address bar, your name displayed on the certificate or having no visible warning messages)
C) What is your budget?
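
Question A in practice, as an added example (not NXT's code): the sketch below checks which hostnames a single-domain, wildcard or multi-domain certificate covers, using the usual matching rule that a wildcard replaces exactly one left-most label. The certificate name lists and hostnames are constructed sample data.

```python
# Added example: which hostnames does each certificate type actually cover?
# The certificate name lists and hostnames below are constructed sample data.

def name_matches(pattern: str, hostname: str) -> bool:
    """Match one certificate DNS name against a hostname (RFC 6125 style)."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    # A wildcard stands in for exactly one label, so label counts must agree.
    if len(p_labels) != len(h_labels) or "" in h_labels:
        return False
    if p_labels[0] == "*":
        # Refuse over-broad wildcards such as "*.com": require at least
        # two fixed labels after the "*".
        if len(p_labels) < 3:
            return False
        return p_labels[1:] == h_labels[1:]
    # A "*" anywhere else (or a partial label such as "w*") is not honoured.
    if any("*" in label for label in p_labels):
        return False
    return p_labels == h_labels


def covered(cert_names, hostnames):
    """Return {hostname: True/False} for a certificate's list of DNS names."""
    return {h: any(name_matches(n, h) for n in cert_names) for h in hostnames}


CERTS = {
    "single domain": ["www.example.com"],
    "wildcard": ["*.example.com"],
    "multi-domain": ["example.com", "www.example.com", "shop.example.net"],
}
SITES = ["example.com", "www.example.com", "shop.example.com",
         "pay.shop.example.com", "shop.example.net"]

if __name__ == "__main__":
    for kind, names in CERTS.items():
        result = covered(names, SITES)
        missing = [h for h, ok in result.items() if not ok]
        print(f"{kind:14} not covered: {', '.join(missing) or 'none'}")
```

Note that the wildcard certificate covers neither the bare domain nor a sub-domain two levels down, which is worth checking against your site list before buying.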

So when comparing your SSL choices here are NXT's top 10 points to consider:

1) Number of certificates included – as raised in question A above
2) Domains secured – this varies, so it is worth checking with your chosen provider
3) Speed of having an SSL certificate issued – this can take 1 hour or up to 14 days, which can be quite annoying when you are in a rush
4) Encryption strength – most run up to 256 bits, which is pretty standard, but some may go up to 1000+ bits depending upon the security required
5) Includes a trust seal – this helps build online trust
6) Support options – seems obvious, but limited support can be frustrating when setting up or changing website details
7) Warranty – this can range from £1,000 to £10,000,000 and has a big influence on price, similar to insurance premiums
8) Refund policy – worth checking, especially if you have placed the SSL certificate on the wrong domain (it happens!)
9) Validation requirements
10) Browser compatibility – important if you are using old versions of IE

At NXT we use a variety of SSL certificates depending upon client circumstances.

Do you need help in setting up your web services or hosting with encryption? Please let us know, we would be happy to help.


About the Author


Rich joined our development team back in 2008 and leads and manages all maintenance and development of our clients' bespoke .NET web application system and mobile apps for The Live Group. Known affectionately as "Willow" in the office, Rich has a passion for all things digital and web and loves trying out new systems and frameworks. When he's not in the office he can be found on Southsea Common, enjoying a refreshing cider or generally enjoying most sports, including Pompey.

 


Tags
  • Security
  • SSL
  • Encryption