The Old Joel on Software Forum: Part 4 (of 5) - Good place to buy SSL Certificate?

Good place to buy SSL Certificate?

Anyone know a good place to buy a good SSL certificate? A google search comes up with Thawte first, who I have heard many people complain about, along with a host of other providers I have never heard of.

Any good experiences with particular companies?

Ben R
Wednesday, May 19, 2004

you can make one for free with openssl

Tom Vu
Wednesday, May 19, 2004

The free one doesn't count if you want to eliminate the dialog box users see.

Li-fan Chen
Thursday, May 20, 2004

Dont waste your hard earned money on those SSL bozo's! Become your own CA (Certificate Authority), and rule the world! Just think of what all the girlz will think...

Anon-y-mous Cow-ard
Thursday, May 20, 2004

thawte = verisign (via acquisition). probably best to stay away.

http://www.instantssl.com/ is one option.

the webhostingtalk board is a good place to do more research.

mb
Thursday, May 20, 2004

thawte even tries to hide the fact that they're verisign.

front page:
Welcome to thawte, the second largest global Certification Authority (CA) trusted since 1996

legal notice:
Welcome to this website, which is owned and operated by VeriSign and/or VeriSign's subsidiary, thawte

I wonder who the first largest is if not Verisign.

mb
Thursday, May 20, 2004

> Anyone know a good place to buy a good SSL certificate

I like the Socratic method:

Socrates: I am just a silly old man. I don't understand this modern technology. What is an SSL certificate for?

Plato: Fundamentally, the purpose of any security system is to mitigate a threat. In this case, the potential threat is a third party either passively eavesdropping or actively interfering in a conversation between a client and a server over a public network.

Socrates: How does it work?

Plato: An SSL certificate provides cryptographic evidence that a client is in fact talking to the server named on the certificate. The server can send messages to the client which could only come from the server. Similarly, the client can send messages to the server which can only be understood by the server. Such a mechanism is sufficient to "bootstrap" exchange of symmetric crypto keys. Thus, we solve both the problem of evildoers pretending to be servers that they are not, and eavesdroppers.

Socrates: You lost me there Plato. How is it that the client knows that a given certificate is in fact the one that matches a particular web site?

Plato: The certificate is vouched for by a certifying authority. A certificate constructs a CHAIN of trust; the client can cryptographically verify that a given certificate really was issued by a given authority.

Socrates: You have begged the question then. That is, you have answered a question in a circular manner. A certificate only establishes trust if there exists a trusted authority. How does that simplify things?

Plato: The client need only trust a small number of certifying authorities. The CAs can then issue many certificates. As long as each certificate chains back to a trusted CA, the system remains secure.

Socrates: How do users establish trust relationships with CAs?

Plato: The details are not important; suffice to say that obviously some more trustworthy system than the internet must be used to get an initial set of trusted root certificates onto the user's machine! For instance, some could come pre-installed, putting the burden of secure transmission of the original certs onto the operating system vendor.

Socrates: It seems to me then that if I want to choose a CA to issue my server a certificate, that CA must have a number of properties.

First, it must be a CA which I trust to not issue someone else a certificate in my name. There is no point in going with a CA that I don't believe to do due dilligence!

Second, it must be a CA which my clients can use to establish a trust chain rooted in the client's set of trusted roots. That means that either I go with a well-established CA and hope that a sufficient number of my clients trust that CA, or provide an out-of-band mechanism whereby my clients can update their root certificates in a secure manner. Of course, if I do that, I'll need to consider the fact that perhaps not all clients are admins on their boxes, and so on.

Plato: Truly, you are a wise man, Socrates.

*****

Does that answer your question? A good place to buy certs is from someone you trust to issue good certs, and someone your clients ALREADY trust, so that they don't have to add new CAs to their trusted root cert store.

Since only you know who your clients are, and since only you know who you trust, you're the one who has to make this call, right?

Eric Lippert
Thursday, May 20, 2004

actually, a lot of people don't care so much if the CA is top notch. For instance, for my personal site, I'm happy with the dialog box. However, someone else might just want to go with any CA that can make the popup go away.

Richard P
Thursday, May 20, 2004

I heard McDonalds was handing Certs with all Happy Meal boxes.

RP
Thursday, May 20, 2004

We used Comodo/Instantssl. No complaints, and the cert was about 1/7th the cost of Verisign.

Karl Perry
Thursday, May 20, 2004

Hmmm... I wonder if it would be good business to start selling certificates. $1,000 a cert and you can say you are whoever you want to be.

In fact, I can promise the client will even get a dialog box saying that you're that organization. Yeah, there will be some red X's and legal blather that I'm not trusted, but wanna bet that nobody reads or even understands that stuff?

Alright - first up - who wants to be CitiBank?

Philo

Philo
Thursday, May 20, 2004

Nice theory Eric, but as they say: "In theory, theory and practice are the same. In practice, they are not."
In practice you want an SSL certificate that up the trust chain is signed by one of the root CA's that are already in the Windows trusted root certificate store of all your clients. That way they get no "Warning", a nice lock icon in their browser, and won't be scared off. They never asked themselves wether they "trust" those root CA's. They have no clue about CA's, certificates or any other mumbo-jumbo. They never check to see what the cert says, or wether it is valid. In practice PKI has serious usability/implementation issues.
Hands up here who knows what aspects of the cerificate are checked by the browser that you are currently using before it issues an all-clear.

Just me (Sir to you)
Friday, May 21, 2004