0

Possible Duplicate:
Difference between SSL products

I want to ensure that the traffic between the browser and my app is encrypted, and that visitors don't have to click through a scary "unverified certificate" dialog.

I'm looking over the SSL certificate options here at namecheap.com, and I'm having a hard time figuring out which one will do that for me.

In particular, can anyone tell me what the difference is between "Positive SSL" and "Essential SSL"?

Also, if I choose one of the options that doesn't support wildcards, will it cover my domain both with and without the "www" part?

Sorry for the totally newbie question. I haven't implemented SSL on a site before. Any help would be greatly appreciated.

Community
  • 1
Agvorth
  • 2,429
  • 4
  • 28
  • 29

3 Answers3

4

You can even have a free SSL certificate for your site that is accepted by every major browser. You can get it at StartSSL.

One certificate is mostly for the root domain (foo.com) and one subdomain (www.foo.com) at least at StartSSL I know that for sure but I guess that would be the same for namecheap.com.

Christopher Perrin
  • 4,741
  • 17
  • 32
2

In particular, can anyone tell me what the difference is between "Positive SSL" and "Essential SSL"?

For your purpose, the fact you one it for one app (and assuming on one server), they are exactly the same.

I can speak from experience that if you purchase PositiveSSL - you will be covered for both www.example.com and example.com, even though it's the cheapest.

Jay
  • 6,439
  • 24
  • 34
  • 2
    Are you positive? – womble Jul 10 '12 at 23:36
  • For purpose, yes. Technically, they will have different intermediate CAs and they have different assurances, but their browser coverage is equal so they have the same effect. Am I missing something (unless you meant the latter part, in which case I am certain)? – Jay Jul 11 '12 at 00:15
  • Too subtle, clearly. Lack of sleep always makes me think I'm much funnier than I really am. – womble Jul 11 '12 at 00:42
  • My gut told me it was a pun! Should have gone with it :'( – Jay Jul 11 '12 at 00:43
-2

I'd be a bit leery of the comodo certificates -- they were hacked pretty recently and are not exactly trusted. Geotrust is a better option.

By "not exactly trusted" I mean they are hard to trust -- the fundamental underpinning of the system that SSL uses is the people with trusted root certificates will not have issues like Comodo had last year. Now, I will say Comodo handled it pretty well all things considered. But it should not have happened in the first place. Why go with someone who was compromised when there are other options out there.

Rather than worry about handling multiple hosts on one cert, you might be better off using a different virtual site listening to the non-ssl traffic on your site to redirect everything to the single HTTPS host you are using. This is a win in multiple ways -- gets everybody on the right url and on SSL. Lazy users don't get errors when they forget the https prefix.

Wyatt Barnett
  • 725
  • 5
  • 14
  • 1
    I've downvoted you because "not exactly trusted" is unsubstantiated (I have used several certs for years, and never had a warning, so you need to show what browsers they are now untrusted on) and because the `www` is issued as part of the `example.com` certificate so there is no worry (worst case, it's only valid for `example.com`). – Jay Jul 10 '12 at 22:04
  • Fair enough -- I expanded the answer a bit to hit on what I meant by "not exactly trusted" and why redirects make sense. – Wyatt Barnett Jul 10 '12 at 23:58
  • It is clear what you meant, but my issue is that it's said without merit. Just because you feel a little less happy does not mean they are hard to trust in general: as I said, I can't name a browser/OS that has revoked the CA, so by definition, it's trusted. "Why go with someone who was compromised when there are other options out there." - I hope you understand that a compromised CA does not compromise your certificate in any way (assuming the CA isn't revoked) - unless you gave them your private keys. Personally I think `https://(www.)example.com/` is nice and clean, I don't want to redirect – Jay Jul 11 '12 at 00:18