Choosing an SSL Certificate and Provider
Providers
The * indicates how many recommendations a provider received in the HN articles listed in the Resources section. One star means two mentions, two stars means three mentions.
- StartSSL (free) * * * * * * * * * * * * * *
- Namecheap * * * * * *
- Gandi * * * *
- RapidSSL * * *
- DigiCert * *
- Comodo * *
- DNSimple *
- GetSSL * *
- Cacert (free)
- GeoTrust
- GlobalSign
- Verisign
- StartCom
- CheapSSL *
- PositiveSSL
- Trustico
- GoDaddy
- Exoware
- AlphaSSL
Scenarios
- Self Signed Cert ( $0 ). Internal ( not public ) consumption only. Avoid.
- Simple Cert ( $0 ). Secure login page for personal use. Recommended.
- Basic Cert ( < $10 / yr ). Give access to more people.
- Wildcard Cert ( < $90 / yr). Support all sub-domains of the primary domain.
- EV Cert ( < $100 / yr ). Get the green bar; maybe important for your image, if you’re selling something.
Terminology & Jargon
- EV. Extended Validation . This causes the green bar on the browser. Worth it?
- Wildcard Certificates . These work on all sub-domains.
- CA. Certificate Authority. This is the organization that issues the certificate.
- MITM
- Bundling in the CA
- Certification Chaining
- Certificate Bundling
- CSR
- Primary
- Multiple domains, one certificate
- Certificate acceptance (e.g. “They have slightly lower acceptance…”)
- SNI Certificate
Resources
Ask HN: What's the best company to buy SSL certificates from? (from 2011 – lots of comments)
Ask HN: Recommended SSL CA? (from 2014 – few comments)
Ask HN: what provider do you use for SSL certificates? (from 2014 – few comments)
Ask HN: What SSL certificate provider are you using and why? (from 2013 – few comments)
Ask HN: Where should someone buy a SSL certificate? (from 2014 – few comments)
Ask HN: Recommended SSL CA? (from 2014 – few comments)
https://stripe.com/help/ssl (good advice on setting up SSL)
https://www.ssllabs.com/ssltest/ (check whether you correctly setup your SSL Certificate)
https://konklone.com/post/switch-to-https-now-for-free?hn (explains how to use StartSSL)