SSL Certificates

I'm looking to buy an SSL certificate for my website. Godaddy has a special on for $5.99 rather than $99/ year.

Is there any difference between different providers in regards to these certificates?
The host i'm with, Zuver, has them from $50/ year. I'm thinking of taking opportunity with the godaddy special and then switching when the year expires but i don't really know much about these things so i'm looking for some advice.
Am i doing the right thing?

 

Why not try letsencrypt?

Im going to move a couple of sites to that when my godaddy certs expire later in the year.

 

Wasn't aware of that, I checked it out and i've got it enabled on my domain now, thanks for the tip.

I wonder if there is any difference between this and paid certificates?

 

you have to renew it manually or set up scripts for the 3 month expiry

Also doesn't support wildcard domains so you need to add

a.example.com
b.example.com
..
z.example.com

manually

 

WIldcard domains will be available from january

That will make life easy

 

nope its a couple of letters on something digital, as far as difference. Like anything digital, there is NO difference, other then symantec...

Just google symantec ssl certificates and google chrome to see why.

 

What the actual fuck? There is a big difference depending on the SSL provider. Letsencrypt is totally fine, but to say there is no difference is just the worst advice you could give.

 

Why?

Because some say they provide checks to verify the domain name? hahahahahahahahahahahahahahahahaha yeah right.

Its different if your talking about those that provide "Insurance" or whatever i'd love to see someone having claimed successfully on them. and EV or OV, i wouldn't want to know how little them kind of folks are paid to verify that stuff, and how easy it would be to social engineer them.

Like i said Google Vs Symantec is a great point in case, along with all the other providers who have done dumb things and given out certs to fraudulant requesters. At the end of the day, its just a name on a few digital bits, paying more for it is stupid in the extreme.

If you want one of the green EV/OV certs go for it, stump up more cash, but to me it doesn't intrinsically give me anymore trust then any of the other signed certs.

At the end of the day, next to no users pay any real difference to them, so long as their valid and your browser isn't shitting itself with warnings about them. in 20+ years i've never had a user ever mention to me that our cert is not an EV/OV one. The only likely people to care would maybe be an insurance company assessor looking to get out of a claim.

Given the OP is looking at spending $9 on a ssl cert, i'd say the difference to them is Zero.

 

For them the difference might be minimal. But to say like everything digital there is no difference is idiotic. Even taking out insurance, EV etc for now. Some just don't offer the same things, wildcard isn't supported in letsencrypt as an example.

Not to mention the difference between things like automated validation vs manual validation etc.

 

wildcard is coming to letsencrypt next year, and personally given almost all data breaches for exfiltration have come from lazy outsourced staff giving access to things they shouldn't, i'd trust an automated check rather then a human one.

I know its gonna wind you up, but to me its similiar to using dvd decryptor of ffmpeg or whatever to decrypt a dvd and recode it to something else, all other settings being even. The only real difference is the copyright stamp at the end of the stream. If you want to pay for that be my guest. GIven the symantec issue, and all their sub sellers, it just goes to show that just because your paying big bucks for a "EV/OV" Cert doesn't mean the moron behind the check is any better or worse then the freeby provider.

Also given that google uses a DV or "Cheap" according to you ssl cert, i think that is good enough for the world. I could also bring up the mountain-america case as well as a bunch of others.

Take from that what you will.

 

Good to know wildcard is cominh, it has put me off using more subdomains just because i dont want to modify my configs and scripts, too scared to break something.

 

It's coming, doesn't mean it's there mate. That is my entire point, not all are the same! You can spin it how you want to, but if you think in any digital asset there are no differences you have no idea what you are talking about.

 

SSL certs are annoying.

Generating your own is a cake walk, and that gets your end-to-end encryption sorted and when it comes to MITM attacks it's no more safer than an equivalent certificate generated from any authority.

You just have to trust that the user knows to only accept correct certificates and not any old cert that gets presented.

Certificate authorities and chains are a joke,why should you trust any of them any more than any other to do secure entity checking, but thats what it comes down to, the cert encryption is the same it's just the rubber stamp on the front that is different.