Get the best SSL cert for the job...
If you just want to secure a login page for your own personal use, get a free cert from StartSSL.
If you need to give access to the page to more people, it's best to get a cheap cert from Comodo, etc. because they're compatible with more mobile devices. Don't spend more than $15.
If you intend on selling something from the site, I'd recommend getting some form of company validation on top of the standard domain validation which is performed when buying cheaper certs. GeoTrust, Comodo, GlobalSign, etc. can help. It should cost less than $100.
The best certs to get to reassure your customers are the EV ones. No need to go full Verisign and waste a ton of money on them, you can get them cheap-ish from GlobalSign, Comodo and GeoTrust resellers.
If you're getting a cert generated by an established certificate authority, it doesn't really matter who you buy it from. Aim for the best price for the level of support that you want to get.
Don't feed the SSL cartel
Free SSL cert accepted by all modern browsers: https://www.startssl.com/?app=1
They are owned and operated by http://www.startcom.org/
StartSSL.com offers free yearly simple SSL certificates, and they are supported by all major browsers. If you want higher-grade, you'll have to pay.
They're very open about wanting to provide free simple certificates for everyone.
FWIW, Stripe recommends DigiCert:
https://stripe.com/help/ssl
> We recommend DigiCert — their certificates have very wide acceptance (for example, Facebook uses a DigiCert certificate). Other options include NameCheap and GoDaddy. They have slightly lower acceptance but their basic certificates cost $10 to $20.
I cannot recommend Comodo.
I paid for one of their certificates (through a re-seller) but they refused to issue it on the grounds that they could not verify my phone number. It was true that it was not in the directories they referred to, but they did not make that clear before selling the certificate.
I would have made a chargeback, but was paranoid about them informing other CAs of the fact - it would be a disaster if I was never able to get another SSL certificate.
Side question: what's the best company for SSL certificates where you're hosting multiple distinct domains for various clients on the same server? I've read about SAN certs, but I haven't found any documentation ...
Also, you might be interested in the trust relationships between the major CAs.
- https://www.eff.org/files/colour_map_of_CAs.pdf
- https://www.eff.org/files/DefconSSLiverse.pdf
Slightly off topic, but how are people using SSL with App Engine? Last time I checked they didn't support SSL on your own domain. I'm not sure if this is similar for e.g. Heroku. I presume most non-trivial apps would have some kind of secure login.
We've used Comodo certs for our projects, given out for free by our provider SSD Nodes (http://www.webhostingtalk.com/showthread.php?t=1122631). I think the certs by themselves are $9-10/year if you decided to get them on your own.
A little off topic, but I'm thinking of using CloudFlare's "Easiest SSL Ever"... Is anyone here using it?
http://blog.cloudflare.com/easiest-ssl-ever-now-included-automatically-w
I get ours through our registrar (who also does our side project hosting), DreamHost. They have $15/year certificates (via Comodo), and you automatically get both the root and the www. subdomain of the certificate, included in the price.
What's your goal? There are all types of certificates, some cheap and some expensive. If you're aiming for cheap, companies like Namecheap and GoDaddy sell them for peanuts but they're "cheap" certificates, not with bells and whistles.
I use http://exoware.net/ They're a small company, but they care and they do a good job so we get along just fine. SSL starts at £15 a year and goes up. £70 per year for a wildcard.
Ignore anyone in this thread telling you to use StartSSL.
When you care about your cert (validated, EV, etc.): DigiCert.
When you don't care that much: RapidSSL from Namecheap.
The end.