SSL Cert

Hi,

I have a few different SSL certs installed on various sites.

I've bought all of them from here - https://cheapsslsecurity.com/comodo/positivessl.html - for $5 per year.

I've noticed before that one browser had trouble verifying the cert and it threw an error.

01 - can anyone recommend a good reputable SSL cert

02 - how do you get the green bar that some sites have such as https://stripe.com
oo7mlAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

SpankinIAM SpecialistCommented:
hi

i would recommend either of those:

https://www.digicert.com/
http://www.symantec.com/ssl-certificates/
https://www.geotrust.com/
https://www.thawte.com/
https://www.comodo.com/

You will get green bar if you get EV (Extended Validation) type of certificate for your website.

The vendor you provided doesn't seem to be trustworthy. They don't even use their certificate for their own website... You will not get 'good' cert for this kind of money unfortunately.

SSL errors happen from time to time, however often user is the one to blame :) It all depends on what was the exact error.

edit: I just noticed that you probably bought Comodo cert, even then it's better to buy it directly from the company and not from reseller.
oo7mlAuthor Commented:
Thanks, i don't understand how i can avail of a comodo SSL cert for $5 a year when they are $80 in the comodo website?

https://ssl.comodo.com/comodo-ssl-certificate.php?key5sk0=2128&key5sk1=07158b2f0dd101bbaf0970dda301cae457e138d6
SpankinIAM SpecialistCommented:
I don't understand it either. If you can provide URL to your website we can check what product are you actually using.
Virus Depot: Cyber Crime Becomes Big Business

The rising threat of malware-as-a-service is not one to be overlooked. Malware-as-a-service is growing and easily purchased from a full-service cyber-criminal store in a “Virus Depot” fashion. View our webinar recording to learn how to best defend against these attacks!

oo7mlAuthor Commented:
Thanks, here is one:

https://pay.lifecleanse.ie
SpankinIAM SpecialistCommented:
The cert looks good.
Here I found it for less than $8 per year - https://comodosslstore.com/positivessl.aspx
Seems that Comodo has many different pages for selling certs with different prices. I won't comment on that, however it's probable that it costed even less some time ago.

As a side note, you might want to install chain certificates on your web server as currently it's using AIA extension, which is not always working and it makes websites to load longer. If you don't know this website you can check some interesting things there: https://www.ssllabs.com/ssltest/analyze.html?d=pay.lifecleanse.ie
oo7mlAuthor Commented:
Hi, thanks... is there any reason why you would not use this cert - https://comodosslstore.com/positivessl.aspx

Also, can you explain the chain certificate?
SpankinIAM SpecialistCommented:
hey,

If I wanted to secure my website with certificate I would choose certificate of Extended Validation type. However it all depends on your requirements and budget. Positive SSL from Comode is ok, however it gives you less possibilities (no green bar to start with) and less security (warranty amount is $10k in opposite to over $1M for EVs - with that they admit it's easier to break).

Certificate, among other things, is validated against its CA (Certificates Authority) and up to the root certificate. Typical certificate chain consist of 1 or 2 certificates. Endpoint certificate is the one you have for your website. Root certificate should be on client machine, however it's almost always installed on 'server' as in many cases 'server' is also a client. Now chain certificates should come only from 'server' - your website in this case. And by that your endpoint certificate is chain validated on the server itsel making the transaction 100% successful and fastest possible. With your current setting chain certificates are not installed on your 'server' and are taken from AIA extension. Authority Information Access field within certificate details provides URL to certificate's CA. With that client is connecting to Comodo website in the background to validate your endpoint certificate, which makes the process longer. Also in case of any connectivity issues towards comodo website that holds chain certificate/s your website will be shown as untrusted due to incorrect chain.

In your case there are two possible chains, as per Comodo. Windows (at least) uses always the shortest chain (attached), while you might want your certificate to use longer path. In shorter chain there is 1 chain certificate (attached) and to check it client must connect to Comodo to verify it.
chain.jpg

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
oo7mlAuthor Commented:
Thank you.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
SSL / HTTPS

From novice to tech pro — start learning today.