Question

I hope this is not too broad a question (if it is, I'm happy to narrow down the scope).

We have created a small CRM web application, and we want to protect users' data (we will never be storing credit card details, but will be storing emails).

We're new to the whole SSL/HTTPS thing. Does anyone have any recommendations on which certificate types to go for? I have seen them ranging from £12 to £1200!

Thanks in advance!


Solution

Expensive certificate issuers generally charge you for the work they do when they validate that you actually are you. They will, e.g., call you on the phone, check you up in business registers etc. The rationale behind this is that an attacker may be able to trick a cheaper certificate issuer to give him an SSL certificate with your name. It is difficult for an attacker to get a false, expensive certificate.

However, the problem here is that it is practically impossible for the end user to see any difference between an expensive and a cheap certificate. You buying an expensive certificate does not in any way prevent the attacker from tricking the cheap issuer into giving him a certificate.

So unless you have very conscious users that can actually see the difference between your expensive certificate and an impersonator's cheap falsification, there is no technical reason to buy an expensive certificate.

A special type of certificates is called EV certificates. They are more expensive and will generate a green background or similar signal in your browser's address bar. This can make a difference if your users will notice it.

Another issue is that many of the cheap issuers actually are subsidiaries of the more expensive companies and will in fact give you the exact same certificate. E.g. the certificate you get from Rapidssl used to be the same as one you can get from the more expensive Geotrust (this may have changed).

A last note. Make sure that the certificate issuer is actually recognized by a majority of all browsers. This is not a problem as long as you use a reasonably well known issuer.

Licensed under: CC-BY-SA with attribution