SSL Certificates

[bloodugly]

I'm thinking of going with Comodo, a lot of that having to do with my love of their free firewall and the little thing in the bottom right corner that shows at all times on every page, even if you scroll, that lets the customer know you have SSL. Any opinions/experiences/warnings you guys might be able to share? I think for 100 bucks a year it isn't a bad deal. I know most of us know there isn't much difference between them, but this is more about comfort to the average Joe that might wonder about such things.

Edit: Also has anyone seen any sales increase/decrease by using a different company or placing the badge/logo in a different spot on a page? Anyone think people would be more likely to trust a certificate/badge from one company or another?

 

[Chiefcrowe]

i don't think people care that much really, just want to have some kind of certificate. if you're going to have a lot of financial transactions you're probably best off with a big name company. I use verisign.

 

[Red Squirrel]

I usually just use self signed, though it's annoying that browsers make such a big deal out of it and scare users away. I think it's some kind of marketing ploy tbh.. there's no reason to pay thousands just for a certificate.

I mean, as long as it's encrypted, that's what counts. If I was doing this for a site many users will access I'd probably just swallow the cost so it does not give a bad impression. A typical user will see the huge warning and think their data wont be secure.

 

[DukeN]

I use digicert

 

[RebateMonger]

I don't think anybody cares about the brand name on the Certificate. But, yeah, folks get scared by self-signed Certificates.

 

[seepy83]

I always recommend using a well-known and trusted Third Party CA. Something like Verisign, Entrust, UserTrust/Comodo, etc.

Self-Signed certs are never recommended for public websites. I can create a self-signed certificate that says I'm Amazon.com, but that doesn't mean I'm amazon.com. This is just one of the reasons why self-signed is not good.

If you're doing e-commerce, then it is probably most important that you verify the CA you choose is in the Trusted Third Partys of the major browsers by default.