Why is there such a big difference in the prices of SSL Certs?

blatantrereg

The cheapest SSL cert offered by Verisign costs £259 sterling per year before tax, or $599 USD (for servers outside America).

Godaddy, and various other vendors, offer what looks like the same spec for $10 per year - and give permission to install it on multiple servers.

What is the difference beyond the branding to justuify the price? I'm guessing that Godaddy and the like offer the same certs to multiple customers and Verisign don't - therefore Verisign certs are more secure?

h57xiucj2z946q

blatantrereg wrote: »

The cheapest SSL cert offered by Verisign costs £259 sterling per year before tax, or $599 USD (for servers outside America).

Godaddy, and various other vendors, offer what looks like the same spec for $10 per year - and give permission to install it on multiple servers.

What is the difference beyond the branding to justuify the price? I'm guessing that Godaddy and the like offer the same certs to multiple customers and Verisign don't - therefore Verisign certs are more secure?

Some platforms don't have certain vendor's certs. e.g. early android releases didn't support all vendors, so you may have security/permission problems and/or warnings with some application.

Gavin

I'd imagine you are paying for the authentication behind a Verisign certificate which is probably a bit more stringent that a $10 GoDaddy one. That is, the authentication of the person/company receiving the certificate. Just guessing

Capt'n Midnight

Too many "Me Too" organisations with poor security issuing certs these days :mad:

Problem is they have diluted the "SSL cert" brand too much.

Do your research , but remember that most commercial organisations don't report bad news.


http://www.theregister.co.uk/2011/09/12/globalsign_security_breach/

With its admission, GlobalSign's breach becomes at least the seventh time an entity that issues SSL certificates has been hacked this year. Four resellers of Comodo have been compromised, including one that allowed the attackers to mint fraudulent credentials for GMail and six other sensitive addresses. A similar attack hit Israel-based StartSSL, but the attackers didn't succeed in securing the bogus certificates.

http://www.theregister.co.uk/2011/09/07/globalsign_suspends_ssl_cert_biz/

Forged certificates created the mechanism to pose as the targeted websites as part of either man-in-the-middle or phishing attacks. Forged Google.com SSL credentials were used to spy on 300,000 Iranian internet users, according to authentication lookup logs on DigiNotar's systems, and separate evidence from Trend Micro.

UDP

Op, you are paying for the name of the company issuing the cert - they also offer a warranty but that is pointless. Verisign do more checks than most other cheaper companies too from what I see so I'm sure that's part of the cost. Check out instant ssl certs by comodo as an in between level cost wise which should be supported by the same browsers as verisgns.

gerryk

UDP wrote: »

Op, you are paying for the name of the company issuing the cert - they also offer a warranty but that is pointless. Verisign do more checks than most other cheaper companies too from what I see so I'm sure that's part of the cost. Check out instant ssl certs by comodo as an in between level cost wise which should be supported by the same browsers as verisgns.

Why would that matter? The root CA certs are in the browser, and they all have equal meaning there, so how can teh higher price be justified?

It's not like people check the CA that signs every cert to see if they're more or less trustworthy?