Welcome to Shaun Luttin's public notebook. It contains rough, practical notes. The guiding idea is that, despite what marketing tells us, there are no experts at anything. Sharing our half-baked ideas helps everyone. We're all just muddling thru. Find out more about our work at bigfont.ca.

Choosing an SSL Certificate and Provider

Tags: ssl, web-development

Thursday, July 31, 2014 2:55:34 PM

Providers

The * indicates how many recommendations a provider received in the HN articles listed in the Resources section. One star means two mentions, two stars means three mentions.

  • StartSSL (free) * * * * * * * * * * * * * *
  • Namecheap * * * * * *
  • Gandi * * * *
  • RapidSSL * * *
  • DigiCert * *
  • Comodo * *
  • DNSimple *
  • GetSSL * *
  • Cacert (free)
  • GeoTrust
  • GlobalSign
  • Verisign
  • StartCom
  • CheapSSL *
  • PositiveSSL
  • Trustico
  • GoDaddy
  • Exoware
  • AlphaSSL

Scenarios

  • Self Signed Cert ( $0 ). Internal ( not public ) consumption only. Avoid.
  • Simple Cert ( $0 ). Secure login page for personal use. Recommended.
  • Basic Cert ( < $10 / yr ). Give access to more people.
  • Wildcard Cert ( < $90 / yr). Support all sub-domains of the primary domain.
  • EV Cert ( < $100 / yr ). Get the green bar; maybe important for your image, if you’re selling something.

Terminology & Jargon

  • EV. Extended Validation. This causes the green bar on the browser. Worth it?
  • Wildcard Certificates. These work on all sub-domains.
  • CA. Certificate Authority. This is the organization that issues the certificate.
  • MITM
  • Bundling in the CA
  • Certification Chaining
  • Certificate Bundling
  • CSR
  • Primary
  • Multiple domains, one certificate
  • Certificate acceptance (e.g. “They have slightly lower acceptance…”)
  • SNI Certificate

Resources

Ask HN: What's the best company to buy SSL certificates from? (from 2011 – lots of comments)

Ask HN: Recommended SSL CA? (from 2014 – few comments)

Ask HN: what provider do you use for SSL certificates? (from 2014 – few comments)

Ask HN: What SSL certificate provider are you using and why? (from 2013 – few comments)

Ask HN: Where should someone buy a SSL certificate? (from 2014 – few comments)

Ask HN: Recommended SSL CA? (from 2014 – few comments)

https://stripe.com/help/ssl (good advice on setting up SSL)

https://www.ssllabs.com/ssltest/ (check whether you correctly setup your SSL Certificate)

https://konklone.com/post/switch-to-https-now-for-free?hn (explains how to use StartSSL)