SSL cert pricing : too cheap to be true ??

Forums › IT Pro and developers › SSL cert pricing : too cheap to be true ??

1101

3122 posts

Uber Geek

#171978 7-May-2015 15:03

Hi There

Im looking into SSL cert pricing , just a basic cert for Outlook Anywhere, OWA etc
I dont want certs that have to be manually installed.

The pricing seem all over the place. Some prices seem too low to be true, with reseller pricing starting at $5
Godaddy $90

Rapid SSl seems cheap , $32 ($11 if you are a reseller),
https://www.trustico.co.nz/dv/rapidssl/cheap-rapidssl-certificate.php

and some other resellers offer SSL certs from $5 for a Comodo SSL. Whats the catch, seems too cheap.
https://www.ssls.com/domain-only.html

Would these cheap certs cause issues with not being fully trusted, as is ?
I dont want certs that have to be manually installed.

The naming of these certs is confusing, Positve SSL, Rapid SSL, Quick SSL
Which would I require , just for OWA Outlook anywhere etc. Do I need any more than the most basic of SSL cert ?

Any advice would be appreciated.
In the past I just went to digicert etc & paid there comparatively high pricing (starting at $155)

1 | 2

154 posts

Master Geek

#1299944 7-May-2015 15:28

normally need a SAN cert because you will have multiple subdomains & servers.

freitasm

BDFL - Memuneh
79250 posts

Uber Geek

Administrator

ID Verified

Trusted

Geekzone

Lifetime subscriber

#1299947 7-May-2015 15:33

The annoying thing is that you go to some of these cert companies and they have as you noticed confusing names that don't help.

Then you have things like RapidSSL certificates, which is a Geotrust company, which is part of Verisign, which is now part of Symantec. So why do they have to have dozens of different names for the same product?

xcubed

194 posts

Master Geek

ID Verified

Lifetime subscriber

#1299949 7-May-2015 15:36

If it's just for an HTTPS website, then you can get free ones from StartSSL.
Ultimately, a certificate is only as secure as the site that it is hosting, so there's no point spending lots of money on a certificate, as an expensive certificate doesn't provide a more secure connection.

timmmay

20574 posts

Uber Geek

Trusted

Lifetime subscriber

#1299956 7-May-2015 15:41

Can you clarify what you're trying to achieve - encrypted email for your client, or providing say OWA over an SSL connection? Cloudflare provides free automatic SSL if you can tolerate its limitations, which are minor for many.

1101

3122 posts

Uber Geek

#1300001 7-May-2015 16:20

Outlook Anywhere (Outlook via RPC over HTTP) wont work with self signed certs

So a need a SSL cert , just for OWA & Outlook anywhere.
single domain name, dont need a wildcard cert.
I dont want to have to muck about trying to install untrusted certs on PC's & I dont think that works any more for Outlook Anywhere .

ajobbins

5052 posts

Uber Geek

Trusted

#1300019 7-May-2015 16:54

I use a heap of free certs from StartSSL. All work fine, but are single domain only

Twitter: ajobbins

MadEngineer

4271 posts

Uber Geek

Trusted

#1300031 7-May-2015 17:02

Wait, certificates you don't have to manually install? Is that like it comes with a trusted monkey that does the device export for you?

You're not on Atlantis anymore, Duncan Idaho.

Equinox IT

Cloud spending continues to surge globally, but most organisations haven’t made the changes necessary to maximise the value and cost-efficiency benefits of their cloud investments. Download the whitepaper From Overspend to Advantage now.

nathan

5695 posts

Uber Geek
Inactive user

#1300070 7-May-2015 18:44

1101: Outlook Anywhere (Outlook via RPC over HTTP) wont work with self signed certs

So a need a SSL cert , just for OWA & Outlook anywhere.
single domain name, dont need a wildcard cert.
I dont want to have to muck about trying to install untrusted certs on PC's & I dont think that works any more for Outlook Anywhere .

it can be made to work with self signed

but what's the point. SAN certs are very low cost these days

you'd only go down the self signed path path if time did not equal money and you were stupid.

Inphinity

2780 posts

Uber Geek

#1300071 7-May-2015 18:45

MadEngineer: Wait, certificates you don't have to manually install? Is that like it comes with a trusted monkey that does the device export for you?

An SSL cert whose root authority is trusted by the client already (assuming the path is correct blah blah), won't need to be specifically installed on the client device. Google don't send a tech - sorry, trusted monkey - around to everyone's house to install their certs on all your devices when they renew them...

Dynamic

3866 posts

Uber Geek

ID Verified

Trusted

Lifetime subscriber

#1300079 7-May-2015 19:11

We use the trustico rapidssl certificates in a large range of server situations and have had zero issues. Not seen StartSSL before now.

“Don't believe anything you read on the net. Except this. Well, including this, I suppose.” Douglas Adams

Referral links to services I use, really like, and may be rewarded if you sign up:
PocketSmith for budgeting and personal finance management. A great Kiwi company.

jnimmo

1097 posts

Uber Geek

#1300227 7-May-2015 22:02

Grab a RapidSSL cert from ssls.com for 3 years or something.. $27 USD, maybe even get away with the slightly cheaper PositiveSSL from Comodo there but possibly slightly less recognition.
1 year is a pain :)
Use SHA-256 or the key instead of SHA-1 if you don't want Google Chrome popping up warnings

MadEngineer

4271 posts

Uber Geek

Trusted

#1300250 7-May-2015 22:11

Inphinity:
MadEngineer: Wait, certificates you don't have to manually install? Is that like it comes with a trusted monkey that does the device export for you?

An SSL cert whose root authority is trusted by the client already (assuming the path is correct blah blah), won't need to be specifically installed on the client device. Google don't send a tech - sorry, trusted monkey - around to everyone's house to install their certs on all your devices when they renew them...

ah I was referring to the manual install comment but I get what he means now :) (manual install on the visitors browser rather than on your server. setting up a cert on your server is still a manual process)

You're not on Atlantis anymore, Duncan Idaho.

Quacko

21 posts

Geek

#1300270 7-May-2015 22:40

I recommend DigiCert www.digicert.com

They are a step above the super-cheap/free certs, on par with those you would get from Thawte or Verisign, but cheaper.

CapBBeard

211 posts

Master Geek

#1300278 7-May-2015 22:57

Sidenote on SSL deployment, I'd recommend verifying your installation with something like https://www.ssllabs.com/ssltest/

This will show up any areas for strengthening or where configuration could be enhanced. A couple of little tweaks can make a massive difference.

Regs

4066 posts

Uber Geek

Trusted

Snowflake

#1300281 7-May-2015 23:01

I believe that much of the price difference comes in the sort of insurance you get with the cert. If you're running an online ecommerce site, or storing peoples PII, then you probably want to pay for the ones with extra protection. You may not need that insurance though, so the cheap ones will usually work fine - but some don't have trusted roots across all devices

Sales Engineer
Snowflake
www.snowflake.com

about.me/nzregs
Twitter: @nzregs

1 | 2