Slashdot Mirror

← Back to Stories (view on slashdot.org)

Choosing an SSL CA?

Posted by ryuzaki0 on from the who-signs-your-certs dept.

zentigger asks: "I am looking at renewing some SSL certificates and checking out the various vendors. I seems that just about every major CA has some reason for not using them. Verisign is just evil, Thawte is owned by Verisign, Geocerts has a bad habit of spamming, and Godaddy uses a stupid chained cert that doesn't work for some appliances we have (and they won't let me check out using Firefox). I realize that I could just use a self-signed certificate, but we have too many stupid users that get all confused and whiny when something pops up and asks them unexpected questions. So I put it to you, Slashdot: what CAs do you recommend and why?"

18 of 94 comments (clear)

  1. The cheapest one by ericspinder · · Score: 4, Informative
    The cheapest one. In the past I used GeoTrust, but I did see that my favorite registar registerfly has a 'special' for $16 ('real price' $25). Which is good for 99% of the browsers, and a 'Single root trusted SSL certificate' (I suspect that it is the GeoTrust/Equifax cert in a 'plain wrapper').

    For god's sake, don't buy Veri-slime's 'Global Certificate' which was built to allow for a crippled 'international version browser', an idea which was abandoned 6 years ago. A quick check of their site leads me to suspect that they changed the name to 'Financial SSL Certificates for OFX'. I Think that that verisign product represents the last 'one percent', however I doubt if anyone should trust an SSL conntection to those long outdated browsers.

    --
    The grass is only greener, if you don't take care of your own lawn.
    1. Re:The cheapest one by narzy · · Score: 4, Informative

      I'm personally a fan of NameCheap, they use geotrust, my suggestion is to go with geotrust, I haven't had any problems with them but I do register the cert with a custom e-mail address like ssl@companyname.com that way if it is a spam target it's isolated.

  2. cacert.org by Procyon101 · · Score: 5, Informative

    cacert.org

    They have a great concept that should be supported.

    1. Re:cacert.org by generationxyu · · Score: 4, Informative

      Actually... cacert.org defeats the purpose of the CA system. It's a kind of pointless system if you ask me, but it's still defeated. If you register with cacert.org, you get a CA cert that isn't trusted by any browser -- much like a self-signed cert. If it gets registered with browsers (probably only Firefox and other open-source browsers), then spammers, phishers, and the like will just use cacert.org and get that nice padlock in the corner closed.

      --
      I mod down pyramid schemes in sigs.
    2. Re:cacert.org by Kadin2048 · · Score: 2, Informative

      I was going to bring them up. I'm not sure though that they satisfy his "stupid user" test, since their root certificate isn't included (to my knowledge) with most OSes or browsers.

      If I'm wrong, I'll be very happy; it'll be nice when anyone can get a free certificate that's associated with a root cert that everyone has (although I'm not sure whether this would destroy the whole point of certificates -- then again I'm not sure whether I care).

      --
      "Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
    3. Re:cacert.org by Sancho · · Score: 2, Informative

      But this means that every user who visits a site which uses CACert will get that warning. Might as well use a self-signed cert. Your average user will never know the difference.

      And even if Firefox gets CACerts root cert installed by default, the other 8/10 users are running IE. Does IE have this cert installed by default?

    4. Re:cacert.org by Atrus5 · · Score: 2, Informative

      RFC3546, section 3.1 specifies server name indication. mod_gnutls has supported it since April of 2005. mod_ssl (bug) is waiting on OpenSSL to make support possible. Opera has supported SNI since 8.0. IE7 has since beta 2. Mozilla/NSS/Firefox is ready to go with NSS 3.1.1/Gecko 1.8.1/Firefox 2.0. Konqueror will support it in 4.0 (bug). Safari is the only major browser without support (fresh bug).

  3. I use Comodo by Anonymous+Crowhead · · Score: 5, Informative

    http://comodo.com/

    They were the first company I found selling certs for $50 compared to Thawte which was around $200 at the time. Now we use a wild card cert which costs $449 + $10/server. We use it on 15 servers with 20 or so hostnames (*.url.com) right now. It makes it a hell of lot easier to update and manage only one cert.

    We have had no reported problems with browser compatibility.

    1. Re:I use Comodo by Anonymous Coward · · Score: 1, Informative

      My job uses Codomo too, they are a pretty good deal, especially for a wildcard cert (if you're running an ASP, using hostnames like [clientname].domain.com, then this is what you want.

      Protip: While you might be wondering about that $10/server charge there, know this: apache 1.3.x (and I suspect 2.x) CAN in fact have SSL vhosts all sharing an IP provided that they all use the same SSL key and SSL certificate Since they all use the same key, the encryption will be negotiated, then the actual vhost to use will be determined. Since the certs for all the vhosts are the same in the *.domain.com case, the certificate will always match the hostname.

      Gotchas: If you add a new SSL vhost, you must stop the server completely, then restart it. If you try an apachectl graceful you will be told the server was gracefully restarted, when in fact it died a horrible death. Our logrotate scripts now issue "apachectl graceful; sleep 5; apachectl graceful; sleep 10; apachectl graceful", just to be sure. Second, if someone attempts to connect to https://afsdafsdf.domain.com/ and you do not have an afsdafsdf vhost defined, apache will connect the user to the first SSL vhost available for the purposes of SSL negotiation, then leave them on that vhost.

    2. Re:I use Comodo by oyenstikker · · Score: 3, Informative

      My company got a certificate from Comodo, and got a cert with a 3 signer chain. It was in okay in IE and Firefox, but not in Sun's JVM. Unacceptable for us. We emailed them, and they got us a new cert, signed by GTE, that was recognized by Sun's JVM in about 6 hours.

      --
      The masses are the crack whores of religion.
  4. RegisterFly works fine by Anonymous Coward · · Score: 1, Informative

    I've used them too.

    The register-fly website is an example of how not to dimension your server farm for a beautiful PHP driven app. That aside, their Cert. "just works" and whoever's auth. server it actually points to is pleasantly fast.

  5. wrong! by coyote-san · · Score: 5, Informative

    Gah - I have moderator points but there's no "incorrect" flag.

    Encryption without authentication is absolutely meaningless. There would be no way to detect a "man in the middle" attack -- anyone with access to the data stream could impersonate the other party and get the complete plaintext stream. Worse, the MitM could almost certainly insert or remove content at will. ("Almost" since it's possible that there's HMAC data at the application layer in addition to the network(?) layer.)

    That's crypto 101 material. Any protocol designer that doesn't have MitM attacks as one of his top priorities should go back to his cereal box decoder rings.

    SSL contains both strong mutual authentication and message digesting. One or both parties can choose to ignore information, but it's always their choice and they can refuse a connection unless acceptable authentication information has been provided.

    Does this directly address spamming and phishing? No... but it guarantees that you can hold somebody responsible for it. That's why the "soft" side of the CA is so important - you're depending on the CA doing due diligence to ensure that 'paypal.com' is who they claim they are, not somebody with a maildrop. Generating and publishing the certs themselves is trivial.

    As an aside, "SSL" does NOT mean that you're guaranteed an encrypted channel. A 'null' cipher exists for testing purposes and many administrators never realize that they should specify a minimal acceptable cipher strength. A malicious application or client could attempt to negotiate encryption down to nothing. Some of the other ciphers are only suitable for keeping your kid sister out of your stuff.

    --
    For every complex problem there is an answer that is clear, simple, and wrong. -- H L Mencken
  6. GeoTrust is now Verisign by dereference · · Score: 3, Informative
    my suggestion is to go with geotrust

    Unfortunately just last month Verisign announced its intentions to purchase GeoTrust. It might suck for any GeoTrust resellers, as Verisign was never very supportive of their resellers.

    Here's the press release.

  7. Re:ev1servers.net = $14.95 by mongus · · Score: 4, Informative

    I got a RapidSSL cert through EV1Servers about a year and a half ago. It worked on every browser I tried - not a single problem.

    Now if you really want to spend 13 times as much for a Thawte cert that functionally does exactly the same thing go right ahead. I prefer to keep the extra $184.05 in my pocket.

  8. CACERT, here is why by finkployd · · Score: 4, Informative

    If you have to be used by millions of everyday users (ie, e commerce site), the answer is Verisign. Well known, trusted (by lawyers, this is more important than any technical issues if you are doing financial transactions), and way too expensive (but you have no choice, welcome to the CA oligopoly)

    If you have a limited number of users, or especially if it is internal, use CACERT. Yes there is the headache of getting people to install the root but it is a one time thing and then you will never have to pay for a cert again.

    Look, x.509 is a halfway decent (if over-engineered) concept that is just horribly implemented. Cryptographically it is very strong, and in theory provides very strong authentication, data integrity, and encryption. In practice it is a stupid binary trust system (you completely trust every cert signed by a CA for everything or you trust nothing signed by that CA), and the CA's have banded together to basically ensure there will never again be any competition. The requirements to get a CA into a browser are batshit insane. A gentlemen's agreement exists between MS, Verisign, et al (Netscape/Firefox just does whatever MS does) to make sure that someone would have to spend millions and have pricing similar to all of the others to get in.

    Verisign has proven time and again that they are more than happy to give sign a certificate to anyone capable of passing their stringent security checks which involve writing a check, so what makes them any more secure than CACERT? Nothing. Oh they have tamper proof hardware, vaults, and all kinds of james bond style doomsday devices hooked up to their secret underground bunker which houses the CA, but none of that matters if they perform the same authentication checks that CACERT does (can you receive email at the domain? Good you are in).

    So don't get suckered into paying way too much for a string of bits if you don't have to. If running your own CA is not your thing (and it really is not all that hard, CA.pl which comes with openssl and an O'Reilly book is about all you need), go with CACERT. If this is not for something internal or something with a limited number of users that you could tell to download a CA, then break our your wallet and go to Verisign.

    Finkployd

  9. Best deal I've found by Phroggy · · Score: 3, Informative
    Start with FreeSSL, a real cert that's valid for one month for free.

    Then move on to Simple-SSL.com, $35 for two years or $44 for three years. Both certs are from RapidSSL.com (aka GeoTrust, but I've never seen spam from them), so they work in all the browsers most people care about, but Simple-SSL.com is much cheaper than RapidSSL.com even though it's exactly the same product.

    "RapidSSL.com certificates are compatible with IE 5.01+, Netscape 4.7+, Mozilla 1+, AOL 5+, Firefox, Safari and many newer Windows and Mac based browsers and are single root install certificates (they do not use chaining technology), meaning that they are compatible with SSLv2 and SSLv3."

    By the way, if anyone knows how to add additional certificates to a Motorola v551 mobile phone, please let me know...
    --
    $x='S24;r)>63/* h@<5+oZ)32"5cz';$me='phroggy'x$];
    $x=~y+ -xz+\0-Tx+;print$_^chop$me for split'',$x;
  10. GeoTrust was bought by VeriSign last month by maggard · · Score: 2, Informative

    The new was made public 1 month ago with the announcement that almost all of GeoTrust's staff were being let go in a few weeks, VeriSign was the new owners and were gonna consolidate operations.

    GeoTrust is still in business right now, I know for a fact that they've got salesfolk answering the lines and their product lines haven't been shut down so as far as a certificate goes they're still as good as they were a month ago. And those certificate chains are a valuable asset and will no doubt be maintained indefinitely. However the package and pricing will likely change as VeriSign moves yet more solidly into the number 1 (and 2, and 3) spot.

    --
    I don't read ACs: If a post isn't worth so much as a nom de plume to its author then I wont bother either.
  11. Certificate Authority Market Share Report by Onymous+Coward · · Score: 3, Informative

    This list might be of use:

    http://www.securityspace.com/de/s_survey/data/man. 200603/casurvey.html

    Popularity does not equate to quality or value for price, but it often well correlates to it. At least you could use this as a starting point for investigation.