SSL cert pricing : too cheap to be true ??

Forums › IT Pro and developers › SSL cert pricing : too cheap to be true ??

1101

1704 posts

Uber Geek
+1 received by user: 410

Topic # 171978 7-May-2015 15:03

Hi There

Im looking into SSL cert pricing , just a basic cert for Outlook Anywhere, OWA etc
I dont want certs that have to be manually installed.

The pricing seem all over the place. Some prices seem too low to be true, with reseller pricing starting at $5
Godaddy $90

Rapid SSl seems cheap , $32 ($11 if you are a reseller),
https://www.trustico.co.nz/dv/rapidssl/cheap-rapidssl-certificate.php

and some other resellers offer SSL certs from $5 for a Comodo SSL. Whats the catch, seems too cheap.
https://www.ssls.com/domain-only.html

Would these cheap certs cause issues with not being fully trusted, as is ?
I dont want certs that have to be manually installed.

The naming of these certs is confusing, Positve SSL, Rapid SSL, Quick SSL
Which would I require , just for OWA Outlook anywhere etc. Do I need any more than the most basic of SSL cert ?

Any advice would be appreciated.
In the past I just went to digicert etc & paid there comparatively high pricing (starting at $155)

1 | 2

152 posts

Master Geek
+1 received by user: 49

Reply # 1299944 7-May-2015 15:28

normally need a SAN cert because you will have multiple subdomains & servers.

freitasm

BDFL - Memuneh
62991 posts

Uber Geek
+1 received by user: 13566

Administrator

Trusted

Geekzone

Lifetime subscriber

Reply # 1299947 7-May-2015 15:33

One person supports this post

The annoying thing is that you go to some of these cert companies and they have as you noticed confusing names that don't help.

Then you have things like RapidSSL certificates, which is a Geotrust company, which is part of Verisign, which is now part of Symantec. So why do they have to have dozens of different names for the same product?

Backblaze cloud backup (personal and business) | Geekzone broadband switch | Amazon (Geekzone aff) | MightyApe (Geekzone aff) |

My technology disclosure | Business Transformation | Enterprise Content Management | Customer Relationship Management | Sharesies investment fund

xcubed

170 posts

Master Geek
+1 received by user: 8

Reply # 1299949 7-May-2015 15:36

If it's just for an HTTPS website, then you can get free ones from StartSSL.
Ultimately, a certificate is only as secure as the site that it is hosting, so there's no point spending lots of money on a certificate, as an expensive certificate doesn't provide a more secure connection.

timmmay

14637 posts

Uber Geek
+1 received by user: 2719

Trusted

Subscriber

Reply # 1299956 7-May-2015 15:41

Can you clarify what you're trying to achieve - encrypted email for your client, or providing say OWA over an SSL connection? Cloudflare provides free automatic SSL if you can tolerate its limitations, which are minor for many.

1101

1704 posts

Uber Geek
+1 received by user: 410

Reply # 1300001 7-May-2015 16:20

Outlook Anywhere (Outlook via RPC over HTTP) wont work with self signed certs

So a need a SSL cert , just for OWA & Outlook anywhere.
single domain name, dont need a wildcard cert.
I dont want to have to muck about trying to install untrusted certs on PC's & I dont think that works any more for Outlook Anywhere .

ajobbins

Awesome
4841 posts

Uber Geek
+1 received by user: 1097

Trusted

Subscriber

Reply # 1300019 7-May-2015 16:54

I use a heap of free certs from StartSSL. All work fine, but are single domain only

Twitter: ajobbins

MadEngineer

1768 posts

Uber Geek
+1 received by user: 494

Reply # 1300031 7-May-2015 17:02

2 people support this post

Wait, certificates you don't have to manually install? Is that like it comes with a trusted monkey that does the device export for you?

nathan

5106 posts

Uber Geek
+1 received by user: 1421

Trusted

Microsoft

Reply # 1300070 7-May-2015 18:44

One person supports this post

1101: Outlook Anywhere (Outlook via RPC over HTTP) wont work with self signed certs

So a need a SSL cert , just for OWA & Outlook anywhere.
single domain name, dont need a wildcard cert.
I dont want to have to muck about trying to install untrusted certs on PC's & I dont think that works any more for Outlook Anywhere .

it can be made to work with self signed

but what's the point. SAN certs are very low cost these days

you'd only go down the self signed path path if time did not equal money and you were stupid.

Inphinity

2533 posts

Uber Geek
+1 received by user: 940

Subscriber

Reply # 1300071 7-May-2015 18:45

MadEngineer: Wait, certificates you don't have to manually install? Is that like it comes with a trusted monkey that does the device export for you?

An SSL cert whose root authority is trusted by the client already (assuming the path is correct blah blah), won't need to be specifically installed on the client device. Google don't send a tech - sorry, trusted monkey - around to everyone's house to install their certs on all your devices when they renew them...

Dynamic

2517 posts

Uber Geek
+1 received by user: 750

Trusted

Lifetime subscriber

Reply # 1300079 7-May-2015 19:11

We use the trustico rapidssl certificates in a large range of server situations and have had zero issues. Not seen StartSSL before now.

"4 wheels move the body. 2 wheels move the soul."

“Don't believe anything you read on the net. Except this. Well, including this, I suppose.” Douglas Adams

jnimmo

What does this tag do
998 posts

Ultimate Geek
+1 received by user: 211

Subscriber

Reply # 1300227 7-May-2015 22:02

Grab a RapidSSL cert from ssls.com for 3 years or something.. $27 USD, maybe even get away with the slightly cheaper PositiveSSL from Comodo there but possibly slightly less recognition.
1 year is a pain :)
Use SHA-256 or the key instead of SHA-1 if you don't want Google Chrome popping up warnings

MadEngineer

1768 posts

Uber Geek
+1 received by user: 494

Reply # 1300250 7-May-2015 22:11

Inphinity:
MadEngineer: Wait, certificates you don't have to manually install? Is that like it comes with a trusted monkey that does the device export for you?

An SSL cert whose root authority is trusted by the client already (assuming the path is correct blah blah), won't need to be specifically installed on the client device. Google don't send a tech - sorry, trusted monkey - around to everyone's house to install their certs on all your devices when they renew them...

ah I was referring to the manual install comment but I get what he means now :) (manual install on the visitors browser rather than on your server. setting up a cert on your server is still a manual process)

Quacko

19 posts

Geek
+1 received by user: 4

Reply # 1300270 7-May-2015 22:40

One person supports this post

I recommend DigiCert www.digicert.com

They are a step above the super-cheap/free certs, on par with those you would get from Thawte or Verisign, but cheaper.

CapBBeard

202 posts

Master Geek
+1 received by user: 28

Reply # 1300278 7-May-2015 22:57

Sidenote on SSL deployment, I'd recommend verifying your installation with something like https://www.ssllabs.com/ssltest/

This will show up any areas for strengthening or where configuration could be enhanced. A couple of little tweaks can make a massive difference.

Regs

Infrastructure Geek
4057 posts

Uber Geek
+1 received by user: 195

Trusted

Microsoft NZ

Subscriber

Reply # 1300281 7-May-2015 23:01

One person supports this post

I believe that much of the price difference comes in the sort of insurance you get with the cert. If you're running an online ecommerce site, or storing peoples PII, then you probably want to pay for the ones with extra protection. You may not need that insurance though, so the cheap ones will usually work fine - but some don't have trusted roots across all devices

Technical Evangelist
Microsoft NZ
about.me/nzregs
Twitter: @nzregs

1 | 2