Buying a ssl certificate help and sslcertificate.com

junipaire2009

Free Member
May 21, 2010
162
11
Hi

I need a ssl certificate for my site and thought I'd look around to see what prices I could find, I found a site that was doing them for $5.99 a year, the site seems very professional and I spoke to someone on live chat feature and they said the certificates support 2048-bit key length, 128/256-bit session encryption and SHA-256 signature algorithm.

Has anyone had any experience with them though, when you compare the price with the £50 it is around from my host it certainly seems tempting when this company says essentially their EssentialSSL is equally as good as the Trustwave EasyTrust SSL from my webhost.

Anyway any advice would be helpful.

Regards,
Phil
 

Dan_HiHosting

Free Member
  • Mar 7, 2011
    1,114
    271
    UK
    www.hihosting.co.uk
    Hi Phil,

    I'd normally say go with your web host, although they do seem to overcharge for this.

    If you do go with an external provider, make sure that your host don't charge for the installation, or at least be aware of any fee if there is one.

    Unless you're looking at organisation validation or extended validation (green address bar) certificates then there's very little difference between certificates.

    The Trustwave EasyTrust SSL and the Comodo Essential SSL are both "instant" domain validation certificates so there's no real difference between them.
    I'm not as familuar with the Trustwave certicifcate, but they should both offer 99.9% browser compatibility.

    To have compatibility with IE8 on Windows XP and older version of Android etc. then you'll need a dedicated IP address as well.

    Hope that helps.

    All the best,

    Dan
     
    Upvote 0

    junipaire2009

    Free Member
    May 21, 2010
    162
    11
    Hi

    Yeah I asked Vidahost for a CSR to get my new ssl certificate up and they've got back to me saying I have to pay an extra £25 a year for installation. Is this fee a necessity or can't I simply install it on my own, seems a rip off.

    Cheers
    Phil
     
    Upvote 0

    Dan_HiHosting

    Free Member
  • Mar 7, 2011
    1,114
    271
    UK
    www.hihosting.co.uk
    Hi Phil,

    It does seem like they're heavily marking this up.

    It depends on your host.

    If you've got a cPanel account with them and they haven't disabled this functionality you can install this yourself by clicking SSL/TLS Manager under the Security section.

    If you're using their "cloud" hosting with the proprietary control panel then you may be out of luck.

    The SSL/TLS Manager lets you generate the CSR yourself, which you can give to the certificate issuer, and then install the certificate yourself once you receive it in the same section.

    We normally recommend that you don't install a certificate yourself however, and always do this on behalf of our clients as it's easy to make mistakes. To be honest it's quickly and easily done for an experienced tech. It's certainly not £25 of labour.

    Given you want an SSL and are posting in this forum I assume you're running an eCommerce store? In that case you may be better off with dedicated eCommerce hosting which can come with a free SSL and dedicated IP, depending on the provider, and would also be a step up in performance.

    That could work out more cost effective if your options are Hosting + SSL certificate + £25 installation + Dedicated IP, or Hosting + £50 certificate + Dedicated IP.
    As all that plus higher performance eCommerce hosting would probably come to less if you go for a complete package.

    I hope that helps,

    Dan
     
    Upvote 0

    junipaire2009

    Free Member
    May 21, 2010
    162
    11
    Hi Dan

    Thanks for the info, its too late sadly to find a new host with free ssl, something I maybe should of considered but too late now. Yeah its on the cloud and they have got back to me saying I can't access this feature on their servers as things can go wrong like you mentioned.

    So I guess I'll have to pay the extra reluctantly.

    Cheers again.

    Phil
     
    Upvote 0

    Dan_HiHosting

    Free Member
  • Mar 7, 2011
    1,114
    271
    UK
    www.hihosting.co.uk
    Upvote 0

    junipaire2009

    Free Member
    May 21, 2010
    162
    11
    Yeah it certainly does, if I followed the tutorial given by the ssl company I doubt I'd get it wrong but there you go, it is what it is I guess. Having hassle still o get it to show right without given padlock warnings saying it includes resources that are not secure.

    Weirdly just checked a few competitors sites and amazingly found they are not using https at all so beginning to think maybe I didn't need it in the first place, but I guess it gives the buyer that extra bit of trust when they go to an account page and see the padlock. I'll carry on trying to figure out why it doesn't show right, wish me luck.

    Cheers
     
    Upvote 0
    $5 is great if you consider time is free and you have the knowledge and/or you can have downtime where it is taking you longer or greater risk of mistake. We charge much more than any of the people listed here, but our service is truly fully managed end to end, but if you have the knowledge/time you can do it yourself for free/no extra cost other than IPv4.

    While I won't comment on the other host mentioned specifically, one would hope they are not forcing a cost through obfuscation, it sounds more likely however they are charging you to perform managed works on an unmanaged server.
     
    Upvote 0

    Dominic Taylor

    Free Member
    Jun 19, 2008
    1,173
    254
    Bath
    We've always had a cost for installing a third-party SSL....but as the SSL market changes I suspect that in the near future basic SSLs will be bundled free a lot more frequently as SSL is becoming more of a 'default' (rightly so in my opinion given the many security benefits).

    The theory behind charging is that - on the cloud for example - we use dedicated hardware to serve the SSL requests so have to cover the cost of that.

    And, historically, the cost included a dedicated IP. These days it doesn't by default (due to SNI), but we allocate an IP at no extra cost if people prefer to have one.

    There is also overhead with installing SSLs manually, especially in cases where we have to go back and forth. We have someone here whose (pretty-much) full-time job is managing the more complex/time-consuming SSL orders.

    We also help clients out with getting their site working with SSL, eg making sure all items on a page load with https:// and so on. A lot of the support we do is more strictly web development but our ethos has always been to help our clients as much as reasonably possible, saving them time/hassle but without putting our web design clients out of work!

    On virtual servers clients can install themselves because it's their own system :)
     
    Upvote 0

    junipaire2009

    Free Member
    May 21, 2010
    162
    11
    Another thing that has arisen which I'd like to get your opinion on, Vidahost are asking if I want them to run a script to essentially turn all my sites pages to be htpps. Would there be any downsides to doing this or should I tell them to go ahead and do this.

    I look forward to hearing your views.

    Cheers
     
    Upvote 0
    Running entirely in https is ideal, but it depends what type of customers you have and how secure you want to be / they make it.

    If you allow them to apply optimum security, you may for example block all IE6 or IE8 users on Windows XP from visiting your site or store (without user side tweaks).

    This is the sort of advice a fully managed SSL provider would be able to provide where a $5 provider often will not.
     
    Upvote 0

    junipaire2009

    Free Member
    May 21, 2010
    162
    11
    Thanks Carl

    Cool, yeah I heard a few years ago it probably wasn't advised to have the whole site as https and not just account pages as it could slow down page loading times somewhat but its maybe not so much of an issue these days.

    I opted for in the end godaddy ssl certificate as they had a sale on. I think the retail price for the ssl I got is £39.99.

    cheers
     
    Upvote 0
    Yeah page load time overhead due to SSL and compression aren't really such a big deal under https any more, even for clients using mobile processors (where you could really notice previously - though there are people in less developed parts of the world making do with older tech which will see performance degredation).

    Because your host is offloading SSL, the server-side is probably not concern either. The only thing as I mentioned is, do you want to be optimally secure (which means only been able to serve people on reasonably modern browsers and servers) or do you want to offer a fallback to those people who don't update. Also remember by using SNI and not true IPv4 you are limiting the browsers supported (as only more modern browsers send host headers on SSL for SNI), though the impact of this is much less felt than the IE/XP one of cipher support.
     
    Upvote 0

    Dominic Taylor

    Free Member
    Jun 19, 2008
    1,173
    254
    Bath
    I base the ciphers we commonly use on theMozilla recommendations - though I'm not responsible for the cloud system ;)

    But...there is always the issue of compatibility. If you check Google.co.uk it doesn't score too well, they even support SSL3/RC4!...they must have their reasons. Although their cert shows as SHA1 even though they're encouraging everyone to switch to SHA256....

    Interestingly, the Apache SSLCipherSuite directive is actually configurable in a .htaccess, although on the cloud system that won't work.

    As for a dedicated IP - yes, they're available at no extra cost for people who need to support older users. Most people just take advantage of the 'no DNS change' nature of SNI though.

    Finally - as a vindication of the cost - since my first post my colleagues & me have spent a bit of time with Phil because some of his plugins weren't playing ball with the SSL :) (I can't find the ticket now but I hope it's all ok!)
     
    Upvote 0
    Windows XP still runs on about 15% of desktops worldwide and a large amount of those use XP, so dropping RC4 support would have a massive impact on Googles https:// by default approach when they're not using SSL 99.9% of the time for cardholder transport protection (they possibly switch domains or cipher support for the other 0.1% actually needing MiTM or weak cipher protection).
     
    Upvote 0
    I know it won't be futile as I'm late to answer, but again if someone else stumble upon it, I would like to say that any of the branded SSL/TLS Certificate like RapidSSL, Comodo, GeoTrust are equally good to be purchased. The one you said Essential SSL is provided by Comodo CA (Certificate Authority) which is known globally for their services.

    Apart from this, you can purchase directly from the respective CA's (Certificate Authorities) websites or else you can even visit their reseller like TheSSLStore which can help you get the same SSL Certificate in much lower price with some added benefits like 24x7 chat, telephone & email support, 30 day money back guarantee and also knowledgebase articles to know any of the queries.
     
    Upvote 0

    antropy

    Business Member
  • Business Listing
    Aug 2, 2010
    5,331
    1,104
    West Sussex, UK
    www.antropy.co.uk
    Weirdly just checked a few competitors sites and amazingly found they are not using https at all so beginning to think maybe I didn't need it in the first place, but I guess it gives the buyer that extra bit of trust when they go to an account page and see the padlock.
    You definitely need it.

    I'll carry on trying to figure out why it doesn't show right, wish me luck
    Wasting all this time to save £25 *facepalm*
     
    Upvote 0

    Latest Articles

    Join UK Business Forums for free business advice