What's the difference between rapidSSL and geotrust certificates? [closed]
Asked Answered
N

7

47

I want to buy a 128bit SSL certificate for a website selling services. I checked http://www.rapidssl.com/ssl-certificate-products/ssl-certificate.htm and http://www.geotrust.com/ssl/compare-ssl-certificates.html. Why are the prices for QuickSSL (Geotrust, $249) and RapidSSL (rapidSSL, $69) so different? Is there any particular reason for this or it's just marketing?

RapidSSL says the following:

However it is our opinion that sites conducting more than 50 transactions will require a Professional Level SSL certificate due to the increased likelihood that the website's customers will expect SSL from a highly credible and established SSL provider and well known internationally accepted SSL brand.

(by "professional level SSL" they mean Geotrust certs)

P.S. will users really pay attention to the SSL issuing authority brand name?

Nowak answered 1/10, 2008 at 12:2 Comment(2)
"Customers will expect SSL from a highly credible and established SSL provider" - Ha! Sounds like sales talk. I've actually never heard of anyone inspecting an SSL certificate to determine the root provider before purchasing something, and being a web developer myself do mix with a lot of technical people.Bulletin
I can't believe this question has been marked as 'off-topic.' I came here today to ask this very question.Feign
U
54

The job of the SSL certificate authority(CA)/provider is to validate your organizational identity so that when customers access your web site, they not only get the padlock for security, but they know that your identity as the fully qualified hostname are authentic and not some phishing scam.

True, most all users look no further than the padlock indicating secure connection to their bank web site, email, etc. However, if any CA were to become compromised, all browsers who trust that CA would be vulnerable, because an attacker could forge a certificate for any domain, including yours. Your choice of certificate provider has no bearing on this. I have yet to hear about this actually happening. MITM attacks are a big deal now with wireless hotspots becoming more and more prevalent.

One more thing is browser compatibility. You would expect that your newly purchased cert be compatible with every modern browser. This is because they are all loaded with a list of root CA certs that trust a select list of SSL certificate authorities. If you buy from a CA that is not on that list, all your client browsers will get a security warning that the site's cert is not trusted. Just doublecheck that RapidSSL, Geotrust, or whoever you go with is in the list of all the browsers you care about. (e.g. for Firefox, it's at Tools/Options/Advanced/Encryption/View Certificates/Authorities tab)

In the end, just get the cheapest one that gives you the level of encryption you want. It'll get the job done. Check with your web host provider. They may have discounts.

Undersea answered 1/10, 2008 at 12:40 Comment(0)
U
19

To clarify, both are owned by Geotrust(R) . One difference is that Geotrust certificates use "Geotrust" root, and RapidSSL certificates use "Equifax" root, which will be shown in the certificate info "Issued by".

Uncommunicative answered 21/2, 2011 at 5:28 Comment(1)
I've not met any user who even remotely cares which root has issued an SSL certificate. (...Unless, I guess, it was to ever become compromised as noted by @spoulson, but until then I doubt it matters.)Bulletin
M
13

I know this has an accepted answer already, but there is another aspect.

The more expensive SSL certificates usually have a better warranty when it comes to fraud. A lower cost SSL cert may cover $10,000 worth of fraud whereas a higher cost SSL cert may cover you for $100,000, for example.

Measure answered 9/10, 2008 at 11:35 Comment(4)
Has anyone ever claimed one of these payouts?Millwater
THAT is a good question.Pee
That is a good question. I wonder what the procedure is for making such a claim?Moss
Quoting knowledge.rapidssl.com/support/ssl-certificate-support/… section "What is the Warranty?" -- "The warranty protects the end user if we mis-issue a certificate. It is worth noting that other SSL Providers use warranty as a means of adding perceived value to their offerings, as such will offer the same certificate with higher warranties and then charge more for the certificate! We want to make it clear that warranty has not been collected on any SSL Certificate, ever!" So at least for rapidSSL the number of claims is quite low ;)Banc
F
6

they both do the same job, just brand perception i guess

honestly i don't think the end user would even notice. as long as they see the little padlock they will be happy

ps. godaddy certs are cheaper

Fielder answered 1/10, 2008 at 12:9 Comment(1)
thanks a lot for your reply, I was also thinking that clients wouldn't even check who issued the certificate if their browsers trust the CA.Nowak
F
1

This has a good overview of the RapidSSL faqs.

This will give you the same for the QuickSSL.

The main difference in these certificates is the amount of verification during purchase. The encryption is basically the same for both.

Fanestil answered 11/5, 2011 at 9:23 Comment(1)
So you pay more to jump through more hoops, while the amount of protection is the same? That sounds crazy.Bulletin
A
-1

As for the warranty mentioned above, as far as I understand this is a warranty to the "end user" in case the certificate authority issues a certificate to a fraudulent person/domain. It is not a warranty to the website owner.

Academic answered 29/1, 2013 at 9:16 Comment(0)
U
-1

Pretty late to the game but there is one other detail worth noting here--RapidSSL is not on IE8's list of trusted authorities.

Underground answered 20/8, 2013 at 15:45 Comment(1)
Do you any more data on this? I don't believe this is an issue with RapidSSL.Radarscope

© 2022 - 2024 — McMap. All rights reserved.