All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Some SSL Questions
Always been curious about SSL and on the edge of buying a Positive SSL (4.99 / year) for 1 domain.
Just curious if you're setting up SSL authentication (with nginx, and it's just the basic Positive SSL) will there be performance issues on your web-server?
For example, since the ssl key needs to be verified per refresh, is that noticeable or does it become negligible?
Would the SSL validation be faster / slower dependent on which provider you bought the key from? For example, buying a key from ssls as compared to symantec.
And finally, how can let's say 'SSLS' sell these ssl certificates for $4.99 a year, while symantec basically offers the same thing but for 399$ a year. Are the cheap certificate sites basically re-seller accounts from symantec?
Comments
Just try with the free WoSign certs before spending any money, if you're unsure about anything. https://www.ohling.org/blog/2015/02/wosign-free-2y-ssl-certificate.html
But no, there is no performance hit, not even with WoSign, despite some having concerns about their CRL servers being located in China.
Use OCSP Stapling instead of CRL, it's the only Performance Degrading Point, however it's for authentication as you said. But, it takes very little time (possible Milliseconds) so you won't find any notable change however, people who want to be faster in everything are using OCSP Stapling Now. SSLs Selling Symantec Certs for $4.99 ?? Unless I'm not misleaded, They sell PositiveSSL at that price. Symantec is of course regarded as More trustworthy than Comodo, so the price differs.
Nope, they're different brands. Positive ssl is domain validated SSL, and all ssls from Symantec are organization validated ssl, which means you have to submit your company legal document to obtain the certificate. Comodo (company behind PositiveSSL) has some org validated SSL too, with cheaper price than Symantec, but again they're different brands.
I've always wondered what "trustworthy" means. For example on GoGetSSL they give a "user trust level" score out of 5 stars...what does that really mean?
Do they seriously think the average (or even most professional) users know the difference between RapidSSL Standard (2 stars), Comodo EssentialSSL (3 stars), and Comodo Intel vPro AMT (5 stars)?
Or does it mean something completely different?
I think the only thing users know is the most expensive SSL gives you the 'Long Thick Green Bar' at the top left... LOL
more stars = they get more money
I have often wondered the same thing. As long as the certificate chain authenticates and they see the appropriate icon in their browser's address bar, then all that most people see is whether it is an ordinary certificate or an EV certificate. Few people pay attention to anything else, and fewer people know or understand the subtleties.
Lol, For Me, EV / DV SSL Doesn't make any change. But, for the Beginner users, maybe The Green Bar is considered as a Crown :-P I just told what they think.
In your case, there is specific issue with your web-server at it might have concern with a basic type of SSL certificate such as Domain Validated (Positive SSL) on Nginx.
SSL certificate key authentication is prerequisite.
In technical language, SSL certificate authentication depends on its type not on the base of brand.
The various types of SSL certificate has specific period of authentication such as Domain Validation Certificate require only domain who-is information or email verification. However, the other types of SSL certificates require additional material of verification such as opinion latter, legal company documents etc. An entire authentication process normally takes up to 5 to 10 business working days.
These days SSL doesn't result in a slower site. CPUs have hardware acceleration for encryption algos.
You can turn on spdy in nginx to speed up SSL sites.
SSL certs are just digital signatures. They shouldn't cost so much but they do because only a few companies had their root certs in browsers and they created a cartel to fix prices. As more companies got their root certs supported and competition intensified prices fell.
Just grab a free cert from wosign. It's actually issued instantly and non of the bugs that people faced early on are relevant anymore. The Chinese learn from user feedback and quickly improve their services.
The SSL certificate from ssls.com is comodo domain validation cert whereas certificate offered by Symantec is business validation. So level of encryption are different. Domain validation certificate will just confirm authenticity of domain via generic email ID whereas in business validation certificate whole legal information and existence of the business will be verified.
There are also variation in features like, ssl certificates from Symantec give facilities like daily malware scan (which reduces the risk of malicious attack), SAN support (up to 25 host names), above $1500K warranty etc. Basic certificate from Comodo stands very back from Symantec product.
And; you are right. SSLs.com is a reseller of various CAs. And usually resellers can gives extra discount on ssl certificate. You can find symantec's and other CAs' discount coupons on this platform http://www.cheapsslcouponcode.com
No, SSL will not slow down the performance of you weisite. I asked SSLS the same question, how they made it so cheap. Their answer was that they act like a reseller and buy certificates from the CA's in bulk. So they got much better price.
I usually delete any Chinese related CA from my browser as the first thing. I normally avoid any Chinese related CA's.
Not sure I understand what you mean here, but Positive SSL is perfectly fine with nginx - I don't see what the issue would be.
The level of encryption is exactly the same, and depends 100% on what kind of ciphers and TLS versions you enable on your server. The only difference between a domain validation cert and a more expensive cert is the color you see in the address bar (green or not) and the amount of warranty that comes with it. It's not even technically possible for them to provide different types of encryption.
Agreed. Most people who have issues with PositiveSSL have simply misconfigured their server. It's easy to misconfigure a server with PositiveSSL because it comes with two intermediate certificates, and you have to give them to nginx in the right order. Once you've done that, PositiveSSL works just as well as a certificate that costs 1000x more.
You actually can put all the certificates together as a big bundle file. Yours first, then the CA bundle.
I just do this ^ - it's a lot quicker to configure. You can easily do it in a few minutes.
For warranty difference agree with you but for green address bar I am not. Becasue the ssl for which @Dillybob is talking about is symantec secure site ssl thatdoes not come with green address bar. Checkout this products features at http://www.symantec.com/ssl-certificates/secure-site
Does not matter - WoSign is not in your browser, they use StartSSL cross-sign, so it works unless you remove Israeli certs as well.
never heard someone get paid