Here's how I think it works:<p>Cert issuing companies are in business because they somehow got Firefox, IE, Opera, etc., to include their authority certificate by default in the browser.<p>You could start your own competing service but you'd somehow have to overcome that obstacle.<p>Second, many of those companies offer "business validation" services. This is the more expensive cert, maybe $400 or more. They make sure you have a D&B number, and ideally do a bit of auditing to be sure that you are legit.<p>So if you are one of those companies and you can make money just for selling a cert, and without having to do any sort of audit, why wouldn't you? With such a basic cert you are mostly just allowing users to have ssl transport without an annoying browser message. That is worth something.<p>There are even cheaper ones that use a second cert which I think is just a basic part of SSL. You could buy a cert and then issue certs, and as long as the web server includes the full chain, it should be OK.
I'm using a wildcard ssl cert from them on some of our sites now. It works fine. Their logos are ridiculous, so we don't use those.<p>They are so cheap because GoDaddy does everything with a metric fuckton of volume.
Second the posts here. It's computationally cheap to issue a certificate. Godaddy figured, hey, why not try to take some business away from the other players? Minimal cost to them, once they got the issuing authority credentials from FF/IE/Safari/etc.
I've used them with no problems. Generating a certificate isn't very expensive, really, and I am surprised the prices didn't come down sooner than they actually did.<p>It's about time, though.
Because the certificate racket is a scam.<p>My prime numbers are as good as Thawt's but they have the browser recognize their's and not give the scary 'request for security exception' warning that a lesser cert maker does.<p>The fix is in. It's a scam.
Yeah, we're in the market and it almost seems to good to be true.<p>Any experience with the EV certs?<p>IMHO, this seems like it might be a good way to add user confidence if you're going the route of a lessor market brand.