Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.




1704 posts

Uber Geek
+1 received by user: 410


Topic # 171978 7-May-2015 15:03
Send private message

Hi There

Im looking into SSL cert pricing , just a basic cert for Outlook Anywhere, OWA etc
I dont want certs that have to be manually installed.

The pricing seem all over the place. Some prices seem too low to be true, with reseller pricing starting at $5
Godaddy $90

Rapid SSl seems cheap , $32 ($11 if you are a reseller),
https://www.trustico.co.nz/dv/rapidssl/cheap-rapidssl-certificate.php
 
and some other resellers offer SSL certs from $5 for a Comodo  SSL. Whats the catch, seems too cheap.
https://www.ssls.com/domain-only.html

Would these cheap certs cause issues with not being fully trusted, as is ?
I dont want certs that have to be manually installed.

The naming of these certs is confusing, Positve SSL, Rapid SSL, Quick SSL
Which would I require , just for OWA Outlook anywhere etc. Do I need any more than the most basic of SSL cert ?

Any advice would be appreciated.
In the past I just went to digicert etc & paid there comparatively high pricing (starting at $155)

View this topic in a long page with up to 500 replies per page Create new topic
 1 | 2
152 posts

Master Geek
+1 received by user: 49


  Reply # 1299944 7-May-2015 15:28
Send private message

normally need a SAN cert because you will have multiple subdomains & servers.

BDFL - Memuneh
62991 posts

Uber Geek
+1 received by user: 13566

Administrator
Trusted
Geekzone
Lifetime subscriber

  Reply # 1299947 7-May-2015 15:33
One person supports this post
Send private message

The annoying thing is that you go to some of these cert companies and they have as you noticed confusing names that don't help. 

Then you have things like RapidSSL certificates, which is a Geotrust company, which is part of Verisign, which is now part of Symantec. So why do they have to have dozens of different names for the same product?






 
 
 
 


170 posts

Master Geek
+1 received by user: 8


  Reply # 1299949 7-May-2015 15:36
Send private message

If it's just for an HTTPS website, then you can get free ones from StartSSL.
Ultimately, a certificate is only as secure as the site that it is hosting, so there's no point spending lots of money on a certificate, as an expensive certificate doesn't provide a more secure connection.

14637 posts

Uber Geek
+1 received by user: 2719

Trusted
Subscriber

  Reply # 1299956 7-May-2015 15:41
Send private message

Can you clarify what you're trying to achieve - encrypted email for your client, or providing say OWA over an SSL connection? Cloudflare provides free automatic SSL if you can tolerate its limitations, which are minor for many.



1704 posts

Uber Geek
+1 received by user: 410


  Reply # 1300001 7-May-2015 16:20
Send private message

Outlook Anywhere (Outlook via RPC over HTTP) wont work with self signed certs


So a need a SSL cert , just for OWA & Outlook anywhere.
single domain name, dont need a wildcard cert.
I dont want to have to muck about trying to install untrusted certs on PC's & I dont think that works any more for Outlook Anywhere .

Awesome
4841 posts

Uber Geek
+1 received by user: 1097

Trusted
Subscriber

  Reply # 1300019 7-May-2015 16:54
Send private message

I use a heap of free certs from StartSSL. All work fine, but are single domain only




Twitter: ajobbins


1768 posts

Uber Geek
+1 received by user: 494


  Reply # 1300031 7-May-2015 17:02
2 people support this post
Send private message

Wait, certificates you don't have to manually install? Is that like it comes with a trusted monkey that does the device export for you?

5106 posts

Uber Geek
+1 received by user: 1421

Trusted
Microsoft

  Reply # 1300070 7-May-2015 18:44
One person supports this post
Send private message

1101: Outlook Anywhere (Outlook via RPC over HTTP) wont work with self signed certs


So a need a SSL cert , just for OWA & Outlook anywhere.
single domain name, dont need a wildcard cert.
I dont want to have to muck about trying to install untrusted certs on PC's & I dont think that works any more for Outlook Anywhere .


it can be made to work with self signed

but what's the point.  SAN certs are very low cost these days

you'd only go down the self signed path path if time did not equal money and you were stupid.

2533 posts

Uber Geek
+1 received by user: 940

Subscriber

  Reply # 1300071 7-May-2015 18:45
Send private message

MadEngineer: Wait, certificates you don't have to manually install? Is that like it comes with a trusted monkey that does the device export for you?


An SSL cert whose root authority is trusted by the client already (assuming the path is correct blah blah), won't need to be specifically installed on the client device. Google don't send a tech - sorry, trusted monkey - around to everyone's house to install their certs on all your devices when they renew them...

2517 posts

Uber Geek
+1 received by user: 750

Trusted
Lifetime subscriber

  Reply # 1300079 7-May-2015 19:11
Send private message

We use the trustico rapidssl certificates in a large range of server situations and have had zero issues. Not seen StartSSL before now.




"4 wheels move the body.  2 wheels move the soul."

“Don't believe anything you read on the net. Except this. Well, including this, I suppose.” Douglas Adams

What does this tag do
998 posts

Ultimate Geek
+1 received by user: 211

Subscriber

  Reply # 1300227 7-May-2015 22:02
Send private message

Grab a RapidSSL cert from ssls.com for 3 years or something.. $27 USD, maybe even get away with the slightly cheaper PositiveSSL from Comodo there but possibly slightly less recognition.
1 year is a pain :)
Use SHA-256 or the key instead of SHA-1 if you don't want Google Chrome popping up warnings

1768 posts

Uber Geek
+1 received by user: 494


  Reply # 1300250 7-May-2015 22:11
Send private message

Inphinity:
MadEngineer: Wait, certificates you don't have to manually install? Is that like it comes with a trusted monkey that does the device export for you?


An SSL cert whose root authority is trusted by the client already (assuming the path is correct blah blah), won't need to be specifically installed on the client device. Google don't send a tech - sorry, trusted monkey - around to everyone's house to install their certs on all your devices when they renew them...
ah I was referring to the manual install comment but I get what he means now :)  (manual install on the visitors browser rather than on your server. setting up a cert on your server is still a manual process)

19 posts

Geek
+1 received by user: 4


  Reply # 1300270 7-May-2015 22:40
One person supports this post
Send private message

I recommend DigiCert www.digicert.com


They are a step above the super-cheap/free certs, on par with those you would get from Thawte or Verisign, but cheaper.

202 posts

Master Geek
+1 received by user: 28


  Reply # 1300278 7-May-2015 22:57
Send private message

Sidenote on SSL deployment, I'd recommend verifying your installation with something like https://www.ssllabs.com/ssltest/

T
his will show up any areas for strengthening or where configuration could be enhanced. A couple of little tweaks can make a massive difference.

Infrastructure Geek
4057 posts

Uber Geek
+1 received by user: 195

Trusted
Microsoft NZ
Subscriber

  Reply # 1300281 7-May-2015 23:01
One person supports this post
Send private message

I believe that much of the price difference comes in the sort of insurance you get with the cert.  If you're running an online ecommerce site, or storing peoples PII, then you probably want to pay for the ones with extra protection.  You may not need that insurance though, so the cheap ones will usually work fine - but some don't have trusted roots across all devices




Technical Evangelist
Microsoft NZ
about.me/nzregs
Twitter: @nzregs


 1 | 2
View this topic in a long page with up to 500 replies per page Create new topic



Twitter »

Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

Orcon announces new always-on internet service for Small Business
Posted 18-Apr-2019 10:19


Spark Sport prices for Rugby World Cup 2019 announced
Posted 16-Apr-2019 07:58


2degrees launches new unlimited mobile plan
Posted 15-Apr-2019 09:35


Redgate brings together major industry speakers for SQL in the City Summits
Posted 13-Apr-2019 12:35


Exported honey authenticated on Blockchain
Posted 10-Apr-2019 21:19


HPE and Nutanix partner to deliver hybrid cloud as a service
Posted 10-Apr-2019 21:12


Southern Cross and ASN sign contract for Southern Cross NEXT
Posted 10-Apr-2019 21:09


Data security top New Zealand consumer priority when choosing a bank
Posted 10-Apr-2019 21:07


Samsung announces first 8K screens to hit New Zealand
Posted 10-Apr-2019 21:03


New cyber-protection and insurance product for businesses launched in APAC
Posted 10-Apr-2019 20:59


Kiwis ensure streaming is never interrupted by opting for uncapped broadband plans
Posted 7-Apr-2019 09:05


DHL Express introduces new MyDHL+ online portal to make shipping easier
Posted 7-Apr-2019 08:51


RackWare hybrid cloud platform removes barriers to enterprise cloud adoption
Posted 7-Apr-2019 08:50


Top partner named at MYOB High Achievers Awards
Posted 7-Apr-2019 08:48


Great ideas start in Gisborne with hackathon event back for another round
Posted 7-Apr-2019 08:42



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Support Geekzone »

Our community of supporters help make Geekzone possible. Click the button below to join them.

Support Geezone on PressPatron



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.