shacker
Nov 15 2005, 08:02 PM
The sales descriptions for GeoTrust and RapidSSL certs don't offer much in the way of specifics. For example they say RapidSSL is good for "lite duty" ecommerce. I'm trying to think of a technical reason why the number of sales conducted would have anything to do with what cert is chosen. Another example: The GeoTrust pitch shows a browser lock icon. Is it really the case that you don't get a browser lock with RapidSSL? And if not, why not?
What I'm really looking for is a straightforward comparison of the two. What would I really get with a $50 GeoTrust cert that I wouldn't with a $15 RapidSSL?
Thanks for any clues.
acidbox
Feb 18 2006, 03:12 PM
As far as I know, they're exactly the same except for the "prestige factor" of having a GeoTrust QuickSSL. They are both 128-bit encrypted and Equifax certified.
rickewart
Feb 19 2006, 08:46 AM
Technically, there is no difference in the strength of the certification. Well, I guess there COULD be w/ 40-bit vs. 128-bit, particularly when dealing with international folks (although I understand that isn't really as much of an issue anymore as everyone has 128-bit). To most of your clients, they will never know the difference.
The difference in price is really for the amount of authentication that goes into verifying who you are and that you are really who you are saying you are. I guess for additional support options too.
RapidSSL is strictly verifying the domain name via email to the domain or contacts, as well as an automated phone call.
The more expensive certs (Thawte, Verisign, presumably GeoTrust as I haven't used that specific one) go through more procedures to verify that the business that is represented by the domain is really them and so forth.
So, their rationale is that while buying a $20 software package from a vendor who uses RapidSSL might be ok, doing home banking with someone who uses is inappropriate. Due to the extremely sensitive nature of home banking, they are saying you should only trust a "fully verified" certificate.
It's a good point as it would be quite an effort to set up a fake site with a Thawte/Verisign cert, but then again, users are really just trained to look for the padlock, no more.
When was the last time you actually clicked on the padlock and viewed the certificate? I doubt you will find an "end user" that even knows you can.
The one thing I would recommend staying away from is chained SSL certificates. While theoretically better from a security standpoint for the issuer (compromise of the root key wouldn't necessarily require reissuing all customer certificates), most require special work on your server to get them trusted. And not all control panels (easily) play nice with them. Chained SSL certs are the "FreeSSL" certs from Rapid. The RapidSSL ones are fine.
Take care.
Rick
Jacolvard
May 19 2006, 08:49 PM
life is good.
Bounceweb
Jan 26 2007, 02:18 PM
QUOTE (Jacolvard @ May 20 2006, 02:49 AM)

life is good.
Yes, LIFE IS GOOD.
mar4ela
Nov 25 2008, 07:57 AM
QUOTE (rickewart @ Feb 19 2006, 09:46 AM)

Technically, there is no difference in the strength of the certification. Well, I guess there COULD be w/ 40-bit vs. 128-bit, particularly when dealing with international folks (although I understand that isn't really as much of an issue anymore as everyone has 128-bit). To most of your clients, they will never know the difference.
The difference in price is really for the amount of authentication that goes into verifying who you are and that you are really who you are saying you are. I guess for additional support options too.
RapidSSL is strictly verifying the domain name via email to the domain or contacts, as well as an automated phone call.
The more expensive certs (Thawte, Verisign, presumably GeoTrust as I haven't used that specific one) go through more procedures to verify that the business that is represented by the domain is really them and so forth.
So, their rationale is that while buying a $20 software package from a vendor who uses RapidSSL might be ok, doing home banking with someone who uses is inappropriate. Due to the extremely sensitive nature of home banking, they are saying you should only trust a "fully verified" certificate.
It's a good point as it would be quite an effort to set up a fake site with a Thawte/Verisign cert, but then again, users are really just trained to look for the padlock, no more.
When was the last time you actually clicked on the padlock and viewed the certificate? I doubt you will find an "end user" that even knows you can.
The one thing I would recommend staying away from is chained SSL certificates. While theoretically better from a security standpoint for the issuer (compromise of the root key wouldn't necessarily require reissuing all customer certificates), most require special work on your server to get them trusted. And not all control panels (easily) play nice with them. Chained SSL certs are the "FreeSSL" certs from Rapid. The RapidSSL ones are fine.
Take care.
Rick
Hehe, I'm making my own SSL certificates
joec@home
Aug 8 2009, 05:14 PM
I do not have the exact technical details for the chains involved but there is a hierarchy to the SSL providers and how fast a web browser will authenticate an SSL Certificate. Some SSL providers are "Root" providers whereas other SSL providers are "Chained" providers.
Example of a Root provided SSL
1) Web browser decodes SSL certificate and locates the SSL CA.
2) Web browser locates the SSL CA in the Trusted SSL Provider certificates.
3) Web browser authenticates the SSL.
Example of a Chained provided SSL
1) Web browser decodes SSL certificate and locates the SSL CA.
2) Web browser does not locate the SSL CA in the Trusted SSL Provider Certificates.
3) Web browser goes to the URL for the CA and gets the CA SSL.
4) Web browser decodes SSL certificate for the CA and locates the CA's SSL CA.
5) If the web browser does not locate the CA's SSL CA in the Trusted SSL Providers Certificates, then go to step 3 to locate the CA's SSL CA hosting SSL.
6) Based on the authentication of the CA's SSL CA (or the hosting CA's SSL CA for the CA's SSL CA for the SSL CA ..... whew! you get the idea ... ) the web browser authenticates the SSL.
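The root versus chained walk described in the post above, and the server-side setup mentioned earlier in the thread, as an added example that is not part of any poster's message. It is a simplified model: certificates are matched by issuer name only (no signature or expiry checks), the client is assumed to use only the intermediates the server sends, and all names are constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str
    is_ca: bool = False

class ChainError(Exception):
    pass

def build_path(leaf, presented, trust_store, max_depth=5):
    """Return [leaf, ..., trusted root] or raise ChainError.

    presented   -- intermediates the server sent alongside the leaf
    trust_store -- {subject: Cert} of roots shipped with the client
    Model only: matches issuer names, no signature or expiry checks.
    """
    by_subject = {c.subject: c for c in presented}
    path, current = [leaf], leaf
    while len(path) <= max_depth:
        root = trust_store.get(current.issuer)
        if root is not None:
            return path + [root]              # reached a trust anchor
        issuer = by_subject.get(current.issuer)
        if issuer is None:
            raise ChainError(f"issuer {current.issuer!r} is neither "
                             "trusted nor sent by the server")
        if not issuer.is_ca:
            raise ChainError(f"{issuer.subject!r} is not a CA certificate")
        if issuer in path:
            raise ChainError("issuer loop")
        path.append(issuer)
        current = issuer
    raise ChainError("chain too long")

# Constructed sample data (every name here is made up for this example).
ROOT = Cert("Constructed Root CA", "Constructed Root CA", is_ca=True)
INTERMEDIATE = Cert("Constructed Issuing CA", "Constructed Root CA", is_ca=True)
TRUST_STORE = {ROOT.subject: ROOT}
ROOT_ISSUED_LEAF = Cert("shop.example", "Constructed Root CA")
CHAINED_LEAF = Cert("store.example", "Constructed Issuing CA")

def subjects(leaf, presented):
    return [c.subject for c in build_path(leaf, presented, TRUST_STORE)]

if __name__ == "__main__":
    print(subjects(ROOT_ISSUED_LEAF, []))
    print(subjects(CHAINED_LEAF, [INTERMEDIATE]))
    try:
        subjects(CHAINED_LEAF, [])   # intermediate not installed on the server
    except ChainError as exc:
        print("rejected:", exc)
```

The third call is the misconfiguration to check for after installing a chained certificate: the leaf is valid, but the path cannot be completed because the server did not send its intermediate.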
ChuFuong
Sep 28 2009, 06:47 PM
Good question. Thanks for answering it with so much detail cause I was always confused about that as well.
kshair7
Sep 29 2009, 06:11 AM
Very interesting discussion here. I learned a lot from this.
kash
robert langdon
Feb 3 2010, 02:46 AM
Hi Shacker,
According to me, they are both almost the same.
I find that the one and only difference between them is their price.
They have a huge price difference, but I don't think that the functionality is different.
Thanks and regards.