Digital certificates - Advice needed

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View


Should we get a cheaper digital certificate this year?

My client runs an ecommerce website and their web hosting company is
now charging GBP 145.00 (i.e. US$ 199)(+VAT) for a digital
certificate. (Fwiw, I think this came from from "UNT-USERFirst-
Hardware" it seems).

Are we paying too much?

Frankly, just so long as the Golden Padlock shows a) the client's
company name and b) that it is not out of date... to be honest I can't
imagine many customers care beyond that.

So is there any good reason for not going cheaper?
(e.g. Go Daddy/Commodore etc)


Shiperton Heneteh

Re: Digital certificates - Advice needed

ship wrote:
Quoted text here. Click to load it


IMHO, most digital certificates are way overpriced.  You can create your
own self-signed certificate for nothing - but the problem is, the signer
won't be recognized by the browser, and the customer will get a message
indicating so.  And as anyone can create a self-signed certificate, it
really doesn't provide any protection for the client, other than
encrypting the data on the way (you don't really know who is at the
other end).

So, the solution is to go with a certificate provider which is
recognized by browsers.  IMHO, as long as you do that, you don't need to
spend hundreds of dollars for one.

P.S. I do use self-signed certificates - but that is only for sites
which have no need for clients to have encrypted data, but would be
useful for administrative purposes.

Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.

Re: Digital certificates - Advice needed

Quoted text here. Click to load it

You can also use PKCS to certify self-created certificates, following
the GPG / OpenPGP "Web of Trust" model rather than the "We're a big
corporate name and we certify that you aren't someone we'd refuse to
take money from" model.

It's not much use for public web stuff, as the clients won't
understand it, but it's useful if you're selling intranet apps to a
group of clients you have a close releationship with. Look at the
Legion of the Bouncy Castle site for more details.

Site Timeline