What SSL should I choose?

SSL (Secure Sockets Layer) is a technology that protects users when they interact with a website by encrypting the data transferred between the web browser and the web server.  Most people will notice this when they enter credit card or other sensitive data into a web page form, but SSL can be used for any server-client interaction at all.  If you are a business, you know the importance of protecting your clients' sensitive data.  In many cases it is safest to not store data like credit card information at all, and to let the payment gateways (such as Authorize.net) handle the transactions.  However, even if you aren't storing this data, you must still protect the transfer from the client to the gateway, which is why you must use an SSL certificate.  The question, then, becomes how to choose a certificate, and what is right for you.

There are a few big names in the SSL world, and many smaller names.  Many people recognize Verisign, so businesses that want brand name assurance can look at what Verisign has to offer.  In general you do pay for this recognition: their basic offering costs almost double what competing providers charge.  Other providers we recommend are Thawte (which is actually owned by Verisign), Network Solutions, Geotrust, DigiCert, and GoDaddy.  Each offers slightly different features, and they can be confusing.  Here are some of the basics to look for:

 

Encryption level

Most companies offer various levels of encryption.  Depending on your needs, 128-bit could be enough, but most companies are moving to 256-bit encryption and we recommend using this whenever possible. 

 

Certificate details/authentication:

The details stored in the certificate are an important distinction between levels of certificates.  Many of the cheaper versions only secure your domain name (called a domain check or domain authorization only).  While this is often enough, companies that really want something stronger should consider upgrading to a certificate that contains their company details as well.  This will guarantee that the data coming from your site is truly yours, and clients can feel safe that they are not at risk of a phishing attack.  We generally recommend the basic domain check or authorization, but there are times we would recommend more.  When speed is important, the basic domain validation certificate can be done in a few minutes.  The higher-level certificates require business information and sometimes even involve lawyers, which can take time.

 

Extended validation:

Extended validation is offered on some of the higher-end SSL certificates.  This is a newer feature in browsers that will turn the address bar a different color (such as green) when a client is on a secure site.  It is another way to visually reassure the client they are on a secure site, but it is generally a more expensive feature.

 

Warranty:

Many sites offer varying levels of warranty coverage if something unfortunate should occur.  Generally the more you pay for an SSL certificate, the higher the warranty to cover you.  Verisign offers one of the highest warranties, whereas GoDaddy offers one of the lower warranties, which is appropriate to the cost of their certificates. 

 

Issuance speed:

The speed at which you can get your certificate also depends on the level of protection you ask for.  Generally you can expect the cheaper, less intrusive certificates to be automated and done quickly, whereas the top-end certificates will often take days or weeks while lawyers review your business to ensure everything is in order.  Keep this in mind when deciding what is best for your business.

 

Browser compatibility:

Most SSL providers today offer a 99% browser guarantee, but it's also important to check other devices such as mobile phones.  In general, compatibility issues are non-existent on mainstream devices, but it's something to keep in mind if your business is targeting a small or non-standard client base.

 

Recommendation:

It is difficult to pin down a recommendation because every business has its own needs.  In general, Verisign offers the largest brand name recognition, so if you are building an e-commerce site and expect your client base to be wary of purchasing without being visually assured, you may want to look for an extended validation certificate from Verisign and also include their logo on your site to further assure customers.  If you simply need to have the protection and don't worry about the brand recognition or logos, you could go with one of the cheaper alternatives, such as GoDaddy.  GoDaddy is much cheaper (about 10 times cheaper than Verisign) because they are somewhat smaller and newer to the industry (but their certificate is every bit as valid).  One of the concerns about GoDaddy is their much smaller warranty, which is why they can offer the cheaper certificate.  Geotrust is a very solid choice and we like the balance of speed, security, and support they offer, though because of their brand recognition, Geotrust is a bit more expensive than someone like DigiCert.  DigiCert offers a nice feature of securing both www.yourdomain.com and yourdomain.com for the price of one, so if that is something you require, you may want to choose DigiCert.

In the end what is right for you will come down to looking at the features offered by each company and comparing them to what you need.  In general the companies listed here are all a good choice, but of course, it's important you do your own research to determine the best fit for your needs.  Look at what companies the SSL providers have listed on their site having secured, and visit their site.  Look at the certificate information in your browser.  This is what your customer will see, so if you're happy with how it functions, chances are that that SSL provider will work out well for your company.
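The same look at a certificate can be taken outside the browser.  The Python below is an added example, not part of the original article: it summarizes the points compared on this page (issuer, whether company details are included, which host names are covered, negotiated cipher strength) from the dictionary Python's `ssl` module returns.  The sample certificates, the cipher tuple and the "Example CA" name are constructed, and `yourdomain.com` is a placeholder; it does not tell extended validation apart from other certificates that carry company details.

```python
import socket
import ssl

# Constructed samples in the shape returned by ssl.SSLSocket.getpeercert().
DV_SAMPLE = {
    "subject": ((("commonName", "yourdomain.com"),),),
    "issuer": ((("organizationName", "Example CA"),),),
    "subjectAltName": (("DNS", "yourdomain.com"),),
}
OV_SAMPLE = {
    "subject": ((("organizationName", "Your Company LLC"),),
                (("commonName", "www.yourdomain.com"),)),
    "issuer": ((("organizationName", "Example CA"),),),
    "subjectAltName": (("DNS", "www.yourdomain.com"), ("DNS", "yourdomain.com")),
}
SAMPLE_CIPHER = ("TLS_AES_256_GCM_SHA384", "TLSv1.3", 256)  # constructed

def fetch_cert(host, port=443, timeout=5.0):  # live lookup; needs network access
    ctx = ssl.create_default_context()  # validates the chain and the hostname
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert(), tls.cipher()

def _fields(name):  # flatten the nested subject/issuer tuples into a dict
    return {key: value for rdn in name for key, value in rdn}

def covers(cert, hostname):  # exact match or a one-label wildcard such as *.x.com
    host = hostname.lower().rstrip(".")
    for kind, pattern in cert.get("subjectAltName", ()):
        pattern = pattern.lower()
        if kind == "DNS" and (pattern == host or (
                pattern.startswith("*.") and host.partition(".")[2] == pattern[2:])):
            return True
    return False

def summarize(cert, cipher=None):
    """Pull out the fields a buyer compares between certificates."""
    subject, issuer = _fields(cert.get("subject", ())), _fields(cert.get("issuer", ()))
    org = subject.get("organizationName")
    return {
        "issuer": issuer.get("organizationName"),
        "organization": org,
        "identity_level": "company details included" if org else "domain only",
        "dns_names": [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"],
        "cipher_bits": cipher[2] if cipher else None,  # secret bits negotiated
    }

if __name__ == "__main__":
    print([summarize(s, SAMPLE_CIPHER) for s in (DV_SAMPLE, OV_SAMPLE)])
```

For a real site, pass the result of `fetch_cert("host.name")` to `summarize` and call `covers` for both the `www` and bare forms of the domain.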

 

Disclaimer: Whitelancer Web Development will in no way be held liable for any damages caused by any information on this page. We fully expect everyone to research and make their own decisions.