
To secure my web site with HTTPS, does it matter which company I source my SSL certificate from, or just that the browser recognizes it?


From the Area51 proposal.

AviD

6 Answers

10

I guess it really depends on the nature of your users.

99.9% of users will simply see that the browser doesn't give them any errors when they visit your site (assuming you bought the cert from a company that has their CA cert in your browser's cert store).

This does however point to a bigger problem with the PKI infrastructure as currently deployed:

Any known CA can create a certificate for any other site, and browsers will accept that certificate, even if the legitimate owner of the site already has a certificate from another CA.

While this is good in some ways, in that a site operator can change CA vendors if he chooses to, it also means that a compromised CA can be used to generate certs for arbitrary sites. This issue was raised when CNNIC's CA cert was added to Mozilla's (and others') CA lists.

There seems to be an innate distrust of China (possibly related to "the great firewall"), but in truth, this does mean that any user in China, when trying to use an encrypted connection to a "subversive" site, should be checking that the certificate presented was NOT signed by the CNNIC CA cert.

There is a handy Firefox extension (Certificate Patrol) that monitors the certificates presented by various sites, and warns you if the certificate changes for any reason.

Rogan Dawes
6

Yes, it totally matters. You can only trust the transactions as much as you trust the certificate authority. For example, if you have a DoD-signed certificate, that's pretty trustworthy. If you have a certificate signed by Chunghwa Telecom, then maybe not so much. Take a look at your browser's default CA certs sometime and think about how much you trust those parties.

I recommend taking a look at this paper for a full explanation of how malicious CAs can really wreak havoc on perceived trust: Certified Lies: Detecting and Defeating Government Interception Attacks Against SSL

Albert Gomà
pboin
  • "... if you have a DoD-signed certificate, that's pretty trustworthy" - unless you're a Chinese spy... or a libertarian :). – AviD Nov 14 '10 at 23:27
  • but if I'm buying a cert from a recognized CA, does it matter which? – AviD Nov 16 '10 at 06:16
  • If your service will go to the general public, I'd go with any of the larger, well-known CAs. That way, you know that the client browsers will have certs already. For a smaller audience that you know, I'd go with CAcert, just to learn more about PKI and support the project in general. Eventually, their CA cert might be distributed as well. – pboin Nov 16 '10 at 12:34
  • is there a practical/security/value difference between the big CAs? For example, I remember a few years ago there was a big hoopla around some bank in the US Midwest, many of its customers fell victim to SSL Phishing - and the CA that issued the cert was GeoTrust. – AviD Nov 18 '10 at 21:24
  • There is in theory, but I'm not up to speed on which is which. Their core task is to make positive identification, which isn't as easy as one might think. Some do a better job than others, but even then, past history is only suggestive of future performance -- nothing more. I think of Verisign's mistaken issuance of a Microsoft certificate as a well-known case of a CA not doing their job. http://news.cnet.com/2100-1001-254586.html – pboin Nov 20 '10 at 03:13
4

Actually, where you get your certificate matters a lot. Remember anyone can create and sign a certificate, including hackers, so each browser has a list of verified companies in order to combat forged certificates. So you should get your certificate from an internationally recognized company like VeriSign, etc.

Mohamed
  • Playing devil's advocate here, And are they all equivalent, or are there differences between them? – AviD Nov 12 '10 at 00:22
  • they were different until VeriSign acquired Thawte. So technically they are the same now. – Mohamed Nov 12 '10 at 04:53
  • Heh, but that's still not all of them. If I'm buying a cert, what are the advantages of one CA over the other, or are there none? – AviD Nov 12 '10 at 12:58
4

From one perspective, it doesn't matter much at all as long as the CA's root certs are loaded into all the major browsers. If you have an SSL cert from a CA that is trusted by those browsers, then almost all of your users will not care who issued the certificate.

For example, suppose you are building an internal app and all of your users are company employees. Your company runs an internal-only CA. Your IT department installs your company's CA cert on all employee systems. Thus whenever those employees visit your app, they will see the padlock and know that it is secure.

Similarly for a website that you are only using yourself. You could self-sign and it would be OK.

From another perspective, it absolutely matters who you choose. You definitely want a CA that has rigorous security procedures, for a couple of reasons:

  1. You don't want them to (mistakenly or maliciously) issue a certificate to someone else who claims to be you. Then this third party can impersonate you on the web and you and your users are screwed.
  2. If they become known to have lax security, then all the major browsers will issue security updates that remove their CA root cert from the browser. (See DigiNotar as a recent (September 2011) example.) In this case, you will have to quickly find a new CA and install new SSL certs on your servers because browsers will no longer trust your old SSL certs.
bstpierre
  • DigiNotar vs Comodo. Seems that all that really matters is whether the CA is too big to fail. I understand Comodo was hacked four times (some better reported than others) before RSA awarded an entrepreneurship award. (RSA is quite big as well.) – Tom Hawtin - tackline Oct 17 '11 at 22:33
  • @TomHawtin-tackline: True enough. Perhaps I should have said, "choose a CA that is too big to fail". – bstpierre Oct 18 '11 at 13:03
  • "_You don't want them to (mistakenly or maliciously) issue a certificate to someone else who claims to be you._" The problem is that any other CA (accepted by major browsers) can do that, unless your users are tracking suspicious certificate changes, esp. those that indicate a change of CA. That is, probably less than 0.001% of users unless your users are better informed than average. – curiousguy Oct 22 '11 at 18:43
2

As long as the browser recognizes it. The browser has a list of CAs that it trusts, which handles the big ones. There are smaller ones that are trusted by the bigger CAs and that are cheaper. The only trick to those is that you typically have to install extra certs on the web server, called chained certs or intermediate certs, so your browser can follow the trust chain from your CA to one that it knows. This is all transparent to the end user.

chs
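The mechanics behind several of the answers above (any trusted CA can issue a certificate for your host name; a Certificate Patrol-style pin still notices the change; a server that omits its intermediate cert breaks chain building; a root pulled from the store invalidates every certificate under it, DigiNotar-style) as one runnable Go program. This is an added illustration, not code from the question or from any answer: it builds a throwaway PKI with constructed names (Root A, Root B, Root A Intermediate, www.example.test) and uses Go's crypto/x509 chain validation in place of a real browser and real CAs.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// template builds a CA certificate or a server leaf for one host name.
func template(name string, isCA bool) *x509.Certificate {
	serial, _ := rand.Int(rand.Reader, big.NewInt(1<<62))
	t := &x509.Certificate{
		SerialNumber: serial,
		Subject:      pkix.Name{CommonName: name},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
	}
	if isCA {
		t.IsCA, t.BasicConstraintsValid, t.KeyUsage = true, true, x509.KeyUsageCertSign
	} else {
		t.DNSNames = []string{name}
		t.KeyUsage = x509.KeyUsageDigitalSignature
		t.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
	}
	return t
}

func must(err error) {
	if err != nil {
		panic(err)
	}
}

// issue signs tmpl with the parent's key; a nil parent yields a self-signed root.
func issue(tmpl, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	must(err)
	if parent == nil {
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	must(err)
	cert, err := x509.ParseCertificate(der)
	must(err)
	return cert, key
}

// verify does what a browser does: chain the leaf through whatever intermediates the server sent to a root in the trust store.
func verify(leaf *x509.Certificate, host string, roots *x509.CertPool, sent ...*x509.Certificate) error {
	inter := x509.NewCertPool()
	for _, c := range sent {
		inter.AddCert(c)
	}
	_, err := leaf.Verify(x509.VerifyOptions{DNSName: host, Roots: roots, Intermediates: inter})
	return err
}

// spkiPin is the SHA-256 of the SubjectPublicKeyInfo, what a pinning client or Certificate Patrol-style watcher remembers.
func spkiPin(c *x509.Certificate) [32]byte {
	return sha256.Sum256(c.RawSubjectPublicKeyInfo)
}

// pinOK accepts the presented cert only if issuer and public key are unchanged since the first visit.
func pinOK(c *x509.Certificate, issuer string, pin [32]byte) bool {
	return c.Issuer.CommonName == issuer && spkiPin(c) == pin
}

// Scenario builds a toy PKI (constructed names, no real CAs) and evaluates
// the cases the answers describe; each map key says what was tested.
func Scenario() map[string]bool {
	host := "www.example.test" // constructed host name
	rootA, keyA := issue(template("Root A", true), nil, nil)
	rootB, keyB := issue(template("Root B", true), nil, nil)
	interA, keyIA := issue(template("Root A Intermediate", true), rootA, keyA)
	site, _ := issue(template(host, false), interA, keyIA) // the legitimate certificate
	rogue, _ := issue(template(host, false), rootB, keyB)  // a second trusted CA issues for the same host
	storeWithoutB := x509.NewCertPool()                    // store after a DigiNotar-style removal of Root B
	storeWithoutB.AddCert(rootA)
	store := storeWithoutB.Clone() // browser-style store trusting both roots
	store.AddCert(rootB)
	issuer, pin := site.Issuer.CommonName, spkiPin(site) // remembered on the first visit
	return map[string]bool{
		"chain verifies":       verify(site, host, store, interA) == nil, // server sent leaf + intermediate
		"leaf alone verifies":  verify(site, host, store) == nil,         // server omitted the intermediate
		"rogue verifies":       verify(rogue, host, store) == nil,        // any trusted CA can issue for the host
		"pin accepts rogue":    pinOK(rogue, issuer, pin),                // the pin notices issuer and key changed
		"rogue after distrust": verify(rogue, host, storeWithoutB) == nil, // its root was pulled from the store
	}
}

func main() { fmt.Println(Scenario()) }
```

Run it with `go run`; the printed map shows which checks pass. The instructive part is the middle two entries: while Root B is still in the store, ordinary chain validation accepts the rogue certificate and only the pin rejects it, which is why Certificate Patrol-style monitoring is the one client-side defence against a misbehaving but still-trusted CA. Once Root B is removed, validation rejects the rogue certificate on its own, but so it would every legitimate certificate that CA ever issued, which is the operational risk bstpierre's second point describes.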
1

It matters: if you choose a CA so incompetent/dishonest that it gets kicked out of root cert store, then you better get in touch with another CA quickly.

It does NOT matter: any cert accepted by browsers will work equally well.

It DOES matter: informed "paranoid" users DO worry about CAs that have done bad things in the past, so expect some users to reject or at least question you about COMODO certificates.

Anyway, the whole SSL PKI is useless!

mod edit in response to 'offensive' flag

Rory Alsop
corrector
  • Care to explain the down vote? – corrector Sep 22 '11 at 19:16
  • Though your answer has some valid points, it is not well laid out and is really more inflammatory toward CAs and "the whole SSL PKI" than it is technically accurate. Also, you're posting a poorly-worded response to a question which long ago received some well-formed answers, one of which has already been accepted. **Please join us in chat (http://chat.stackexchange.com/rooms/151/the-dmz) or post in meta (http://meta.security.stackexchange.com) if you'd like to discuss this further.** – Iszi Sep 22 '11 at 20:20
  • I cannot chat as I've been downvoted!!!! – corrector Sep 22 '11 at 20:26
  • I do not believe there is a significant reputation requirement to post in Meta. Perhaps you'd like to try bringing up your issues there. – Iszi Sep 22 '11 at 20:27
  • Just to confirm - I have provided access to the chat room so please feel free to use it to discuss. – Rory Alsop Sep 23 '11 at 10:42