Should I go for dedicated SSL or free shared SSL? What's the deal?

calvinrobinson

New member
I have two questions about SSL certificates that I'm hoping you guys will share your experience and thoughts on.

Question 1:
How important is it to have your own dedicated SSL certificate vs. using the free shared SSL certificate? Have any of you guys noticed a loss in customers or orders or any negative side effects at all from using the free shared SSL certificate?

Question 2:
What are some good places to buy SSL certificates and what's a fair price? I've contacted Verisign and their prices are beyond my budget.

Thanks.

P.S. My apologies if these questions have been asked and answered before.
 
From a consumer standpoint, I like it when sites have their own SSL certificates. When I see that I am on a different URL then I expect, I do perform a little research to make sure everything looks right.

Verisign is going to be pretty expensive to buy SSL certificates from. Do a search for Quick/Turbo SSL certificates and you should easily find them very competitively priced.
 
If you are selling a product having a dedicated SSL certificate is not an option, but a requirement. Having an SSL cert. ensures a higher level of trust when making online purchases. On the other hand a shared cert. is not recommended. Also, you can find very cheap SSL certificates for less than or around $20.00 which is relatively cheap.
 
Dedicated SSL certificate is required for selling products in order to ensure a higher level of trust while making online purchase.
 
If you have a huge budget I suggest that you should get a dedicated SSL.

If verisign is to expensive look at comodo. But don't take a very cheap SSL they are mostly not trusted.
 
Think of a Dedicated SSL Certificate as a cash register in the store. Just about every store you go into, you pay at the cash register before you leave right? How would you feel if when you get to the checkout clerk, they tell you "ok, thanks for your order, now please go accross the street and pay them - we don't have registers here"

That's essentially what a Free SSL Certificate is doing. You're being lumped in with other merchants similar to a flee market and then one central area to checkout.

We deal with eCommerce daily, and SSL Certificates go hand in hand with our operation. Comodo is highly trusted, GeoTrust and GlobalSign are also trusted without an issue. GoDaddy certificates work just as well too. Really, when it comes down to it, the end user generaly just wants to see the little gold lock and not have to deal with any popup saying "this certificate is untrusted, do you want to continue"

There's plenty of cheaper ones out there that are trusted by 99% of all browsers - just be sure you're getting a 256bit SSL Certificate.

Again, MOST SSL certificates will work out there, just be sure that you get a real SSL Certificate and not one of the Shared SSL's. Your conversions will DEFINITELY suffer otherwise.
 
Then if you have the resources and the bucks, go for the green bar a ExtendedSSL . Wow, now thats a top shelf SSL cert for only $759 USD a year.
 
Actually, check around on that EV SSL stuff ;) MANY hosting companies can now include the EV SSL's with a regular SSL Certifciate for under $100/year. You're no longer locked into those larger invoices ;)
 
If you have a huge budget I suggest that you should get a dedicated SSL.

If verisign is to expensive look at comodo. But don't take a very cheap SSL they are mostly not trusted.

Honestly, you don't need a huge budget. You can get an SSL certificate nowadays for around $10 to $15 per year. The only other cost is most of the time the provider charges for a dedicated IP which you need for the SSL.
 
Honestly, you don't need a huge budget. You can get an SSL certificate nowadays for around $10 to $15 per year. The only other cost is most of the time the provider charges for a dedicated IP which you need for the SSL.

I believe that if you need SSL you already have dedicated IP with your host
 
With the amount of SSL resellers these days, including me, you can get SSLs for WAY cheaper than the actual prices. Look around on HostingDiscussion and you're sure to find one.
 
This is actually nothing.. SSL created for secure works - like your bank account check securely or SSL 128 Protection. But now people using it - Just for show his clients your are secure here..

P.S. Every body know anyone can brake your ssl within an hr. <No offence>
 
P.S. Every body know anyone can brake your ssl within an hr. <No offence>

Can you elaborate on cracking an SSL Encrypted Session within an hour?
128 bit keys would have a possible combination of 339,000,000,000,000,000,000,000,000,000,000,000

256 bit encryptions are obviously higher.

Where do you have information on breaking the code within an hour?

According to Wikipedia there's currently no amount of traditional computing power that will crack a 128 bit encryption - http://en.wikipedia.org/wiki/Large_numbers#Computers_and_computational_complexity
 
Last edited:
I cant help but say, if you purchase something other than Root Certificate by using 2048 bit RSA keys in a SSL certificate and don't do so through a long standing - reputable company your just waisting money and your time. It wont be worth the email paper you printed your receipt on!

Currently there is a "Trade-In" program that most up to date sellers of SSL cert's know is going on, where you can trade in your old out of touch certificate and move into a more reliable "Root" SSL and also benefit from moving to an unlimited licensing model, this means that a single Certificate could be installed across multiple servers without additional costs to the end customer, maybe you!

Regards!
 
I cant help but say, if you purchase something other than Root Certificate by using 2048 bit RSA keys in a SSL certificate and don't do so through a long standing - reputable company your just waisting money and your time. It wont be worth the email paper you printed your receipt on!

You can generate a self signed certificate and it will still encrypt the session without any problem.

The only reason that you'd want to purchase a certificate is so that the user does not get a popup in their browser asking if you want to trust the website you're going to. So it's more of a convenience thing.

The transaction (even on a self signed certificate) is still encrypted.
 
You can generate a self signed certificate and it will still encrypt the session without any problem.

The only reason that you'd want to purchase a certificate is so that the user does not get a popup in their browser asking if you want to trust the website you're going to. So it's more of a convenience thing.

The transaction (even on a self signed certificate) is still encrypted.

This has always bugged the hell out of me.
Any Tom, Dick or Harry can buy and certificate that will not give browser errors so it doesn't make a purchase or transfer of information any more safe than a self signed certificate.

Is this a scam in anyone's opinion?
 
The only reason that you'd want to purchase a certificate is so that the user does not get a pop up in their browser asking if you want to trust the website you're going to. So it's more of a convenience thing.


Well handsonhosting, still sounds like less of a PITA to me. I hate seeing that annoying security pop up all the time, every where I go. Now that's something you can take to the bank. Oh and lets not forget the $$ security guarantee of the company backing the SSL Certificate. :thumbup:
 
Last edited:
This has always bugged the hell out of me.
Any Tom, Dick or Harry can buy and certificate that will not give browser errors so it doesn't make a purchase or transfer of information any more safe than a self signed certificate.

Is this a scam in anyone's opinion?

To answer that you firstly need to understand the purpose of SSL, SSL is simply a cryptographic protocol at the transport layer responsible for the secure transmission of packets. Meaning it will work as said with or without a company providing you an encryption key, as these can simply be generated by anyone.

The issue lies not with SSL but instead with the issue of trust, the purpose of SSL for companies is to instil trust in their users in said companies system, the purpose of the certificate as a result is to "Verify the company is who they say they are" not to encrypt the data (this is handled at the transport layer).

This verification is done by the users browser with the provided certificate sent along with the key to the user, the reason self signed certificates are considered less secure is in the fact that I could say for example "I'm the Queen" and to the user I may appear to be, this doesn't mean I am ;)

As well as this COMODO, VeriSign and co also with their various levels of certificate (increased level of proof required by a company to acquire) offer increasing compensations/limits on transactions for which they verify the company to the user for.

To summarise, you are paying for a form of ID, not encryption (even though they all utilise different generation methods) and the use of SSL certificate as a term is somewhat misleading.
 
CSN nailed it!

On a different note - SSL Certificates or shopping carts with HTTPS mode does not necessarily mean "secure", it just means the transmission of data is encrypted. If the shopping cart or form is just emailing that information in plain text which can be intercepted, the SSL transaction didn't mean a lick!

The guarantee on Certificates (at least in Comodo's case) has never EVER been paid out. It's not a guarantee for the customer that you're paying a legit company, it's a guarantee that the encryption can not be broken, and if it is, they pay "X" amount. Comodo has yet to pay anyone for breaking a certificate.
 
Back
Top