[Cialug] 87 days to go. Cert recommendations?

Matthew Nuzum newz at bearfruit.org
Fri Jan 30 10:54:58 CST 2015 

Hi, in my opinion, e-mail ssl certs give you some flexibility. In the world
of web and commerce, fractions of a second can have measurable impacts on
conversion rates. This is not as big of an issue with e-mail. Therefore the
debate about chained certs are far less pressing I think.

This puts you in a great situation because you have choices. You didn't
specify your values, so here are some things to consider:

You care most about cost and simplicity
- Got with StartSSL. The certs are free, expire after 1 year and the
verification is easy (it sends a validation e-mail to the contact on your
domain)
- You have to use Firefox to sign up for their service due to their use of
personal certificates for verification
- It takes 10 minutes
- You'll have to reverify your business every year (verification lasts only
30 days)
- You have to use a chained cert which slows down the initial SSL handshake
by 1 or 2 RTTs (30-300ms based on network connection and geography)

You care most about trust
- SSL certs that have stronger business verification are not free but web
browsers particularly emphasize the validity of the organization with the
green "trust" bar.
- All of the big SSL vendors support this. I've used Thawte the most but
I've also used RapidSSL.
- You can get a good price by using a chained cert
- Business verification takes a little while, hours or days

You care about security and performance
- Pay to get a 256b (for performance) or higher (for security) from a
premium vendor
- I've used Thawte and Verisign for this
- Don't get a chained cert - this means you'll be bumping yourself up the
pricing tier
- Since this is a premium product you also get the higher trust and
business verification benefits


On Fri, Jan 30, 2015 at 10:13 AM, Paul Gray <gray at cs.uni.edu> wrote:

> I've been out of the "I need a commercial cert" situation for a while.
>
> On Wednesday, I installed a 90-day freebie cert from Comodo because it
> was free.  No loyalty here to Comodo - it was free and the other free
> option I was looking at was just 30 days.
>
> Free is good but it's not going to last.  So I'm looking at this as my
> limited window of opportunity.  87 days to go.
>
> My main need is for IMAPS/POPS/TLS/SMTPS connections for (q)mail services.
>
> Where's the go-to place for reasonably-priced certs these days?
>
> -PG
> _______________________________________________
> Cialug mailing list
> Cialug at cialug.org
> http://cialug.org/mailman/listinfo/cialug
>



-- 
Matthew Nuzum
newz2000 on freenode, skype, linkedin and twitter

♫ You're never fully dressed without a smile! ♫

More information about the Cialug mailing list