SSL certificate options

Hello, just a basic question regarding SSL certificate options.  It looks like there are a ton of vendors out there, and not a huge amount of difference between the certificates.  My hosting company has a relationship with Trustwave, where I can get a certificate for $89 per year.  I know I can go much cheaper with GoDaddy or others, but I don't mind paying the extra $$.  But the question I have is, what is the downside with going with a lesser-known SSL certificate vendor from a user perspective?  When I look at certificate authorities on my FireFox browser, Trustwave is not listed but GoDaddy, Thawte, Verisign, etc. are.  Does that mean I (and other users) would get a popup window/warning message when I went to a site secured by Trustwave?
JayrwAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Ahmed Ezzat AbuRayaNetwork Developer EngineerCommented:
There are some sites offering help about choosing the best SSL  vendor and what are the differences between them.  Have you checked http://www.whichssl.com/ ?

Hope it can help you :)
0
ParanormasticCryptographic EngineerCommented:
Trustwave is compatible with most browsers.  You are probably just looking for the wrong thing - they will show up under "SecureTrust CA" not Trustwave.  When you view the cert, on the Certification Path tab you will see it listed as Trustwave.  You should be fine for most cases - I don't know them well enough to say which products they are or are not listed, but the have the big ones at least.  I did notice that I don't see them listed in my blackberry, whereas godaddy is, for what that's worth.

From one of Trustwave's brochures, they claim to be compatible with at least:
IE 5.00.2919.6307+
Netscape 4.61+
AOL 5+
Opera 6.1+
Mozilla 0.9.8+
Safari (all)
Firefox 0.7+ (including other linux browsers that follow FF's lead such as Epiphany, Galeon, and Konqueror)
0
JayrwAuthor Commented:
Did you see that in IE or Firefox?  My version of IE (IE7) does not list SecureTrust under Trusted Root Certification Authorities.  And my version of Firefox (FF3) lists SecureTrust under Certificate Manager - Authorities, but all of the certificate details referenced SecureTrust, not Trustwave.  Just want to make sure I have a basic understanding - I may be looking in the wrong place.
0
ParanormasticCryptographic EngineerCommented:
Sorry, I am looking at IE6 right now.  I don't have access to others at the moment until I get home, but will look at it then and get back tomorrow.

Securetrust is another name for the same company.  It also may be possible that they cross-signed one with the other, which is common when a company rolls out a newer root to get the integration level of the older root.

The Trustwave is the friendly name of the cert in my store.  The friendly name is arbitrary and may change from deployment to deployment, or even not be present.  Here's a certificate easter egg for ya (I assume this works in IE7/FF3, but does in IE6 for sure): open up the root cert and look at the 3rd tab Certification Path Information - note the name, then go to the Details tab and look for the Friendly Name attribute - note it is the same as 3rd tab, now click the Edit Properties button and change the friendly name attribute to whatever you like and click ok, then go back to the 3rd tab.

The cert I am looking at is this:
Serial number: 0c f0 8e 5c 08 16 a5 ad 42 7f f0 eb 27 18 59 d0
Subject: CN = SecureTrust CA / O = SecureTrust Corporation / C = US
SHA1 thumbprint: 87 82 c6 c3 04 35 3b cf d2 96 92 d2 59 3e 7d 44 d9 34 ff 11
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
SSL / HTTPS

From novice to tech pro — start learning today.