Solved

SSL certificate options

Posted on 2009-06-30
4
1,249 Views
Last Modified: 2012-05-07
Hello, just a basic question regarding SSL certificate options.  It looks like there are a ton of vendors out there, and not a huge amount of difference between the certificates.  My hosting company has a relationship with Trustwave, where I can get a certificate for $89 per year.  I know I can go much cheaper with GoDaddy or others, but I don't mind paying the extra $$.  But the question I have is, what is the downside with going with a lesser-known SSL certificate vendor from a user perspective?  When I look at certificate authorities on my FireFox browser, Trustwave is not listed but GoDaddy, Thawte, Verisign, etc. are.  Does that mean I (and other users) would get a popup window/warning message when I went to a site secured by Trustwave?
0
Comment
Question by:Jayrw
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 5

Expert Comment

by:Ahmed Ezzat AbuRaya
ID: 24747134
There are some sites offering help about choosing the best SSL  vendor and what are the differences between them.  Have you checked http://www.whichssl.com/ ?

Hope it can help you :)
0
 
LVL 31

Expert Comment

by:Paranormastic
ID: 24748466
Trustwave is compatible with most browsers.  You are probably just looking for the wrong thing - they will show up under "SecureTrust CA" not Trustwave.  When you view the cert, on the Certification Path tab you will see it listed as Trustwave.  You should be fine for most cases - I don't know them well enough to say which products they are or are not listed, but the have the big ones at least.  I did notice that I don't see them listed in my blackberry, whereas godaddy is, for what that's worth.

From one of Trustwave's brochures, they claim to be compatible with at least:
IE 5.00.2919.6307+
Netscape 4.61+
AOL 5+
Opera 6.1+
Mozilla 0.9.8+
Safari (all)
Firefox 0.7+ (including other linux browsers that follow FF's lead such as Epiphany, Galeon, and Konqueror)
0
 

Author Comment

by:Jayrw
ID: 24749527
Did you see that in IE or Firefox?  My version of IE (IE7) does not list SecureTrust under Trusted Root Certification Authorities.  And my version of Firefox (FF3) lists SecureTrust under Certificate Manager - Authorities, but all of the certificate details referenced SecureTrust, not Trustwave.  Just want to make sure I have a basic understanding - I may be looking in the wrong place.
0
 
LVL 31

Accepted Solution

by:
Paranormastic earned 500 total points
ID: 24749809
Sorry, I am looking at IE6 right now.  I don't have access to others at the moment until I get home, but will look at it then and get back tomorrow.

Securetrust is another name for the same company.  It also may be possible that they cross-signed one with the other, which is common when a company rolls out a newer root to get the integration level of the older root.

The Trustwave is the friendly name of the cert in my store.  The friendly name is arbitrary and may change from deployment to deployment, or even not be present.  Here's a certificate easter egg for ya (I assume this works in IE7/FF3, but does in IE6 for sure): open up the root cert and look at the 3rd tab Certification Path Information - note the name, then go to the Details tab and look for the Friendly Name attribute - note it is the same as 3rd tab, now click the Edit Properties button and change the friendly name attribute to whatever you like and click ok, then go back to the 3rd tab.

The cert I am looking at is this:
Serial number: 0c f0 8e 5c 08 16 a5 ad 42 7f f0 eb 27 18 59 d0
Subject: CN = SecureTrust CA / O = SecureTrust Corporation / C = US
SHA1 thumbprint: 87 82 c6 c3 04 35 3b cf d2 96 92 d2 59 3e 7d 44 d9 34 ff 11
0

Featured Post

Simplifying Server Workload Migrations

This use case outlines the migration challenges that organizations face and how the Acronis AnyData Engine supports physical-to-physical (P2P), physical-to-virtual (P2V), virtual to physical (V2P), and cross-virtual (V2V) migration scenarios to address these challenges.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Auditing domain password hashes is a commonly overlooked but critical requirement to ensuring secure passwords practices are followed. Methods exist to extract hashes directly for a live domain however this article describes a process to extract u…
I was prompted to write this article after the recent World-Wide Ransomware outbreak. For years now, System Administrators around the world have used the excuse of "Waiting a Bit" before applying Security Patch Updates. This type of reasoning to me …
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

696 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question