All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Buying Low Cost SSL Certificates - Browser and OS Compatibility
I need a small number of low-cost SSL certificates. The important requirement is compatibility with most browsers and operating systems. I will be using them to secure specialized browser-based applications on my servers.
Here are my questions:
Are there certificate authorities I should avoid, because the certificates that they issue cannot be authenticated by popular browsers and operating systems?
As long as the end-users' browsers establish a secure SSL connection to my servers, why do I care which certificate authority signs my certificate? Do normal end users actually bother to check which CA signs my certificate?
Here are my thoughts:
Buy the least expensive SSL certificate, as long as nearly all browsers and OSs can authenticate it and the corresponding SSL connections are secure (they use appropriate key sizes, etc.).
If a few tin-foil-hat types disable certain root CA certificates in their systems so that my servers won't authenticate, that's their problem, not mine. I suspect that very few people actually do this.
Am I missing any other considerations?
Comments
The least expensice SSL certificate would be free: startssl.com
The SSL certificate is compatible with basically everything since about 5-7 years:
Some websites will tell you that Windows XP needs a service pack or special update, but I tried it for myself, a virgin old Windows XP installed without any servicepacks or updates shows my StartSSL secured websites without any issues in the mighty IE6
I am not sure about Java, Windows Phone and RIM/Blackberry though.
I think they are referring SNI.
why do you think this is about SNI? SNI is just used to serve multiple certificates on one IP. No matter from which certificate authority. SNI is not working with Internet Explorer on Windows XP, so in my opinion it is still not usable for serious projects.
lol, you're joking, right?
IE6 is 12 years old. As of 2014 IE, all versions, have 10% market share - IE6 with a mere 0.1%. Windows XP will be officially disbanded by Microsoft on April 8, 2014. Why are you using either. In my opinion using these outdated systems is unusable for serious projects.
bizarre comment - i cant find any data in last 3 months that shows IE with less than 50%+ market share...
Thank you to everyone for their input.
To repeat myself, I just want to make sure that whichever browser the end user is using can authenticate my website. Even though XP is old, I assume that Microsoft has periodically updated the root certificate authorities in the past (through next month). I am willing to accept the possibility that there may be users who never bother to update and thus won't be able to authenticate until they do. I also assume that Microsoft will continue to make the old XP "updates" available for the foreseeable future, even if they do not release new ones after April.
The user base for my particular set of applications has strong domain knowledge for the applications, but many of them may not be very tech-savvy. Even so, it is reasonable to expect that they update their systems enough so that their browsers can authenticate the websites/applications.
ssls.com for multiyear cheap certs...
Just the top suggestions on Google:
http://www.w3schools.com/browsers/browsers_stats.asp
http://statcounter.com/
http://stats.wikimedia.org/archive/squid_reports/2014-01/SquidReportClients.htm
http://www.w3counter.com/globalstats.php?year=2014&month=2
Older: http://clicky.com/marketshare/global/web-browsers/
Even Microsoft themselves sees 4.4% usage of IE6 (mostly in china) http://www.modern.ie/ie6countdown
gogetssl cheaper, or get 1 from sslpornstar.com lol