• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1259
  • Last Modified:

SSL certificate options

Hello, just a basic question regarding SSL certificate options.  It looks like there are a ton of vendors out there, and not a huge amount of difference between the certificates.  My hosting company has a relationship with Trustwave, where I can get a certificate for $89 per year.  I know I can go much cheaper with GoDaddy or others, but I don't mind paying the extra $$.  But the question I have is, what is the downside with going with a lesser-known SSL certificate vendor from a user perspective?  When I look at certificate authorities on my FireFox browser, Trustwave is not listed but GoDaddy, Thawte, Verisign, etc. are.  Does that mean I (and other users) would get a popup window/warning message when I went to a site secured by Trustwave?
  • 2
1 Solution
Ahmed Ezzat AbuRayaNetwork Developer EngineerCommented:
There are some sites offering help about choosing the best SSL  vendor and what are the differences between them.  Have you checked http://www.whichssl.com/ ?

Hope it can help you :)
ParanormasticCryptographic EngineerCommented:
Trustwave is compatible with most browsers.  You are probably just looking for the wrong thing - they will show up under "SecureTrust CA" not Trustwave.  When you view the cert, on the Certification Path tab you will see it listed as Trustwave.  You should be fine for most cases - I don't know them well enough to say which products they are or are not listed, but the have the big ones at least.  I did notice that I don't see them listed in my blackberry, whereas godaddy is, for what that's worth.

From one of Trustwave's brochures, they claim to be compatible with at least:
IE 5.00.2919.6307+
Netscape 4.61+
AOL 5+
Opera 6.1+
Mozilla 0.9.8+
Safari (all)
Firefox 0.7+ (including other linux browsers that follow FF's lead such as Epiphany, Galeon, and Konqueror)
JayrwAuthor Commented:
Did you see that in IE or Firefox?  My version of IE (IE7) does not list SecureTrust under Trusted Root Certification Authorities.  And my version of Firefox (FF3) lists SecureTrust under Certificate Manager - Authorities, but all of the certificate details referenced SecureTrust, not Trustwave.  Just want to make sure I have a basic understanding - I may be looking in the wrong place.
ParanormasticCryptographic EngineerCommented:
Sorry, I am looking at IE6 right now.  I don't have access to others at the moment until I get home, but will look at it then and get back tomorrow.

Securetrust is another name for the same company.  It also may be possible that they cross-signed one with the other, which is common when a company rolls out a newer root to get the integration level of the older root.

The Trustwave is the friendly name of the cert in my store.  The friendly name is arbitrary and may change from deployment to deployment, or even not be present.  Here's a certificate easter egg for ya (I assume this works in IE7/FF3, but does in IE6 for sure): open up the root cert and look at the 3rd tab Certification Path Information - note the name, then go to the Details tab and look for the Friendly Name attribute - note it is the same as 3rd tab, now click the Edit Properties button and change the friendly name attribute to whatever you like and click ok, then go back to the 3rd tab.

The cert I am looking at is this:
Serial number: 0c f0 8e 5c 08 16 a5 ad 42 7f f0 eb 27 18 59 d0
Subject: CN = SecureTrust CA / O = SecureTrust Corporation / C = US
SHA1 thumbprint: 87 82 c6 c3 04 35 3b cf d2 96 92 d2 59 3e 7d 44 d9 34 ff 11
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Train for your Pen Testing Engineer Certification

Enroll today in this bundle of courses to gain experience in the logistics of pen testing, Linux fundamentals, vulnerability assessments, detecting live systems, and more! This series, valued at $3,000, is free for Premium members, Team Accounts, and Qualified Experts.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now