Which SSL cert and supplier?

We are changing from a self-signed cert to a 3rd party one.
The firewall is managed by a 3rd party co. I have the CSR for the new cert but am unsure which co to use.



Ayoub Rouzi (CEO & Co-Founder) commented:
You can distinguish between cheaper domain-validated SSL certificates and the more expensive extended-validation SSL certificates (EV).

Both certificates are technically the same (the connection is encrypted), but domain-validated certificates are cheaper, because the seller only has to check the domain. The EV certificates also require information about the owner of the domain, and the seller should check if this information is correct (more administrative effort).

Normally you can see the difference when you visit the site with a browser. Firefox for example will highlight the domain in blue for domain-validated SSL, and green for extended-validation SSL.

Two examples:

https://accounts.google.com/ (domain-validated)
https://www.postfinance.ch/ (extended-validated)


In most cases the domain-validated certificate is fine, the user will have no disadvantages and the EV-certificates are really (too) expensive.

So, I suggest you use a GoDaddy certificate.

ste5an (Senior Developer) commented:
The cheapest solution is to use https://letsencrypt.org/. They are free of charge, if a DV certificate is sufficient for you.

btw, depending on the use-case EV or OV certificates are necessary. Cause it "transports" another level of trust. It's like a cheap vs. an expensive business card.
noci (Software Engineer) commented:
As an addendum to @ste5an: also check out the certbot implementation for your system, as the LE certificates run for 3 months at a time.
The automation of that process is desirable. The certbot tool was created for that in tandem with the LetsEncrypt certificates.

Certainly recommended for DV certificates. (Even Wildcards should be possible).

CHI-LTD (Author) commented:
So the GoDaddy DV will work with Cisco?
Pete Long (Technical Consultant) commented:
^^ Yes just make sure when you generated the CSR you chose 2048 bit :)

CHI-LTD (Author) commented:
I ran the decoder which shows 2048.
Pete Long (Technical Consultant) commented:
cool - I usually make the mistake and have to start again :)
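
The CSR key-size check discussed in the comments above can also be done locally instead of with a web decoder. This is an added example, not part of the original thread; it assumes the `openssl` command-line tool is installed, and the host name `vpn.example.com` and the sample CSR are constructed for illustration.

```shell
#!/bin/sh
# Added example: confirm a CSR's key size before submitting it to a CA.
# Requires the openssl command-line tool.

# csr_key_bits FILE -> prints the public key size in bits
csr_key_bits() {
    openssl req -in "$1" -noout -text 2>/dev/null |
        sed -n 's/.*Public[- ]Key: (\([0-9][0-9]*\) bit).*/\1/p' | head -n 1
}

# csr_check FILE [MIN_BITS] -> exit 0 if the CSR's self-signature verifies
# and its key is at least MIN_BITS (default 2048)
csr_check() {
    min=${2:-2048}
    openssl req -in "$1" -noout -verify 2>&1 | grep -q 'verify OK' || {
        echo "self-signature does not verify: $1" >&2; return 1; }
    bits=$(csr_key_bits "$1")
    [ -n "$bits" ] || { echo "no key size found: $1" >&2; return 1; }
    [ "$bits" -ge "$min" ] || {
        echo "key is $bits bit, need at least $min: $1" >&2; return 1; }
    echo "OK: $bits-bit key, subject: $(openssl req -in "$1" -noout -subject)"
}

# make_sample_csr FILE -> constructed test CSR (hypothetical host name);
# the throwaway private key is written next to it as FILE.key
make_sample_csr() {
    openssl req -new -newkey rsa:2048 -nodes -keyout "$1.key" -out "$1" \
        -subj "/CN=vpn.example.com" 2>/dev/null
}

tmp=$(mktemp -d)
make_sample_csr "$tmp/sample.csr"
csr_check "$tmp/sample.csr"
```

Point `csr_check` at the CSR exported from the firewall to run the same check on the real request.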
Sanjay B (Full Time Digital Marketing & Part Time Cyber security Knowledge seeker) commented:
Comodo is another great solution that comes with multiple features apart from 256-bit encryption, like a highly visible site seal, free PCI scanning service, free daily website vulnerability scanning and more. You can switch to Comodo from a self-signed SSL certificate. Catch more updates about the Comodo SSL certificate here - https://comodosslstore.com/brands/comodo
Bhavesh Patel (Web Analyst) commented:
It’s a good decision to change from a self-signed cert to a 3rd party SSL.

I agree with Ayoub Rouzi's answer.

If you have a small website which doesn’t carry users' sensitive information such as login credentials, credit card details, social security numbers, etc., then the Domain Validated SSL certificate is the best choice for you.

The DV SSL certificate comes with up to 256-bit encryption, free Site Seal, secure both versions www and non-www, 99.99% browser ubiquity, unlimited server license & re-issuance. It issues within minutes, no paperwork needed for issuance.

You can purchase a DV SSL certificate from the trusted certificate authority or you can go with SSL certificate resellers. Both are trusted, the only difference is pricing.

You can try a 30-day free trial SSL certificate from the official certificate authorities’ websites:

For RapidSSL Certificate - https://www.freessl.com/

For Comodo SSL Certificate - https://ssl.comodo.com/free-ssl-certificate.php

For Symantec SSL Certificate - https://www.symantec.com/products-solutions/families/trialware-popup.jsp?fid=ssl-certificates
CHI-LTD (Author) commented:
This is just for the ASA VPN, but know a pen test will highlight this as an issue.
ste5an (Senior Developer) commented:
hmm, I disagree with Bhavesh's post marked as answer, because Comodo and Symantec have shown severe security issues in the past. And currently Symantec is on the list of certificates which will be removed from Chrome's default root CA list this year.