Question

I want to buy a 128-bit SSL certificate for a website selling services. I checked http://www.rapidssl.com/ssl-certificate-products/ssl-certificate.htm and http://www.geotrust.com/ssl/compare-ssl-certificates.html. Why are the prices for QuickSSL (Geotrust, $249) and RapidSSL (RapidSSL, $69) so different? Is there any particular reason for this, or is it just marketing?

RapidSSL says the following:

However it is our opinion that sites conducting more than 50 transactions will require a Professional Level SSL certificate due to the increased likelihood that the website's customers will expect SSL from a highly credible and established SSL provider and well known internationally accepted SSL brand.

(by "professional level SSL" they mean Geotrust certs)

P.S. Will users really pay attention to the SSL issuing authority brand name?

Solution

The job of the SSL certificate authority (CA)/provider is to validate your organizational identity so that when customers access your web site, they not only get the padlock for security, but they know that your identity as the fully qualified hostname is authentic and not some phishing scam.

True, most all users look no further than the padlock indicating secure connection to their bank web site, email, etc. However, if any CA were to become compromised, all browsers who trust that CA would be vulnerable, because an attacker could forge a certificate for any domain, including yours. Your choice of certificate provider has no bearing on this. I have yet to hear about this actually happening. MITM attacks are a big deal now with wireless hotspots becoming more and more prevalent.

One more thing is browser compatibility. You would expect that your newly purchased cert be compatible with every modern browser. This is because they are all loaded with a list of root CA certs that trust a select list of SSL certificate authorities. If you buy from a CA that is not on that list, all your client browsers will get a security warning that the site's cert is not trusted. Just double-check that RapidSSL, Geotrust, or whoever you go with is in the list of all the browsers you care about (e.g. for Firefox, it's at Tools/Options/Advanced/Encryption/View Certificates/Authorities tab).

In the end, just get the cheapest one that gives you the level of encryption you want. It'll get the job done. Check with your web host provider. They may have discounts.
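The trust-list check described in the answer above can be reproduced offline with the openssl CLI. This is an added example, not part of the original answer: the two root CAs (root-a, root-b) and the host shop.example are constructed for the demo and stand in for two vendors' roots and a purchased site certificate.

```shell
#!/bin/sh
# Added example. All CA names, keys and hostnames are constructed for the demo.
set -eu
WORK=$(mktemp -d); trap 'rm -rf "$WORK"' EXIT

# Minimal config so the result does not depend on the system openssl.cnf.
cat > "$WORK/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF

# make_root NAME: self-signed root, standing in for one vendor's root CA.
make_root() {
  openssl req -x509 -config "$WORK/ca.cnf" -newkey rsa:2048 -nodes -days 30 \
    -subj "/O=Constructed Demo/CN=$1" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.pem" 2>/dev/null
}

# make_leaf ROOT HOST: site certificate for HOST, issued by ROOT.
make_leaf() {
  openssl req -config "$WORK/ca.cnf" -new -newkey rsa:2048 -nodes \
    -subj "/CN=$2" -keyout "$WORK/$2.key" -out "$WORK/$2.csr" 2>/dev/null
  openssl x509 -req -in "$WORK/$2.csr" -CA "$WORK/$1.pem" -CAkey "$WORK/$1.key" \
    -CAcreateserial -days 30 -out "$WORK/$2.pem" 2>/dev/null
}

# issuer_of CERT: the "Issued by" name shown in the certificate info.
issuer_of() { openssl x509 -noout -issuer -in "$1"; }

# trusted_by STORE CERT: succeeds only if CERT chains to a root in STORE.
trusted_by() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }

make_root root-a; make_root root-b
make_leaf root-a shop.example
issuer_of "$WORK/shop.example.pem"
for store in root-a root-b; do
  if trusted_by "$WORK/$store.pem" "$WORK/shop.example.pem"
  then echo "store with only $store: trusted"
  else echo "store with only $store: NOT trusted (client would warn)"
  fi
done
```

The same certificate and key pass or fail depending only on which roots the client's store contains, which is why the check against each browser's list matters more than the brand on the invoice.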

OTHER TIPS

To clarify, both are owned by Geotrust(R). One difference is that Geotrust certificates use the "Geotrust" root, and RapidSSL certificates use the "Equifax" root, which will be shown in the certificate info under "Issued by".

I know this has an accepted answer already, but there is another aspect.

The more expensive SSL certificates usually have a better warranty when it comes to fraud. A lower cost SSL cert may cover $10,000 worth of fraud whereas a higher cost SSL cert may cover you for $100,000, for example.

They both do the same job, just brand perception I guess.

Honestly, I don't think the end user would even notice. As long as they see the little padlock they will be happy.

P.S. GoDaddy certs are cheaper.

This has a good overview of the RapidSSL faqs.

This will give you the same for the QuickSSL.

The main difference in these certificates is the amount of verification during purchase. The encryption is basically the same for both.

As for the warranty mentioned above, as far as I understand this is a warranty to the "end user" in case the certificate authority issues a certificate to a fraudulent person/domain. It is not a warranty to the website owner.

Pretty late to the game but there is one other detail worth noting here--RapidSSL is not on IE8's list of trusted authorities.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow