Choosing an SSL Provider?
An anonymous reader writes "I have recently been tasked with switching our SSL certificate provider and it's proving not to be easy. We use an internal authority for our own stuff and then we buy certificates to protect outward-facing sites (a lot of them). My question for this community is: How do you choose a certificate authority to use? There is price, service (why we're leaving our last vendor), warranty, and products offered as the only differentiators I can find. Is there any public resource that would show me actual customer reviews of CAs like Verisign, GeoTrust, Comodo, Trustwave, and DigiCert? Our last vendor did a really poor job with support and I would like to make a reasonably educated decision."
How do you support a cert? They're pretty much set once delivered.
1) You make a cert request. Pay Money.
2) They verify your identity.
3) They sign your cert request and return it as a signed cert.
It's not like you can upgrade a v3 cert to v3.1.
Evil people are out to get you.
I could be wrong about this, but I think the problem is that PKI was intended to be much more hierarchical, like DNS.
In other words, I think the idea was probably that ISPs or other organisations would purchase bigISP.com certs, that allowed them to be certificate authorities too.
Then, an ISP's customers could go to THEM for certs. The customer's site cert would be signed by their CA (the ISP), and the ISP's in turn would be signed by the big names.
I think that does work. If so, then the problem is almost certainly that ISPs and such just don't buy those big certs, because so few people use SSL on their sites.
BUT... note that CA certs could be used much more widely than they are -- for email signing/encryption, server/client authentication in WANs, etc.