EV certificates (Full Version)

All Forums >> [Web Development] >> Search Engine Optimization and Web Business



Message

Joe Hussar -> EV certificates (12/15/2006 6:20:39)

Hi................

SSL providers are offering EV Certificates ............. to qoute their info

"Extended Validation SSL Certificates give high-security Web browsers information to clearly identify a Web site’s organizational identity. For example, if you use Microsoft® Internet Explorer 7 to go to a Web site secured with an SSL Certificate that meets the Extended Validation Standard, IE7 will cause the URL address bar to turn green. A display next to the green bar will toggle between the organization name listed in the certificate and the Certificate Authority (VeriSign, for example). Older browsers will display Extended Validation SSL Certificates with the same security symbols as existing SSL Certificates"

I use Thawte for my SSL, and to get the EV protection it's ~ $600/yr.

I really don't have a feel as to whether this is worthwhile or not. It's certainly not cheap, and doesn't work on many browsers.

If anyone has experience with this, or an opinion on it's value I would be very appreciative to hear from you!

Thanks



coreybryant -> RE: EV certificates (12/15/2006 6:23:53)

Verisign is the number one leader in the industry. Comodo is number two. Verisign has bought out most of other companies (Thawte / Geosign) so that are pretty much the same - just they maintained their brand.



Joe Hussar -> RE: EV certificates (12/15/2006 6:35:51)

Thanks for info. Do you think it's worth having?





jaybee -> RE: EV certificates (12/15/2006 7:04:43)

At $600! no, not unless you're raking it in.



coreybryant -> RE: EV certificates (12/15/2006 9:06:49)

Depends. Some merchants look at Verisign and they think security. They then think their customers will think this as well - so they pay quite a bit for the Verisign logo. Comodo has an image as well that they give you.

It's about perception. Ten years ago, an SSL cert was over $1,000 dollars. An SSL cert is there to encrypt data. So they all encrypt data? Yes - but what you want is that the SSL issuing authority to be installed automatically on browsers so that customers don't get a pop-up - saying it is an untrusted source.

Merchants tend to build their sites on their own beliefs and terms. We usually get Comodo SSL certs for our customers. They have not been bought out by Verisign. Verisign left a bad taste in my mouth a few years ago when it would not release a domain name. And I have a tendency to hold a grudge. So I would not want a cert now from them or any company they have bought out (even though they are the largest).



Reflect -> RE: EV certificates (12/15/2006 12:38:54)

Remind me not to piss you off Corey [;)].

Me on the other side being lower end sites that operate on shoe string budgets. I tend to go with shared certs.. I don't recall ever getting popups for untrusted source or having that reported to us. Would that be a server side miss-configuration?

I can/do understand what you are saying about branding and it bringing in more confidence with shoppers. However does an average Joe on-line shopper even know what Thawte or others are?

Take care,

Brian



jaybee -> RE: EV certificates (12/15/2006 14:11:36)

quote:

Would that be a server side miss-configuration?
AFAIK, most people just look for the padlock and run a mile if the warning come up and doesn't match.

Misconfiguration quite possibly. I have an SSL just gone in on a customer site. They've configured it for the domain so if someone goes in on the sub domain www. the warning appears. Same name but it's irritating.



coreybryant -> RE: EV certificates (12/15/2006 14:35:07)

It's only been seven years Bryan LOL

An SSL cert is issued to a particular domain name - like www.example.com. If you bring up https://example.com instead of https://www.example.com - you will get an error. Something like
quote:

The security certificate presented by this website was issued for a different website's address.
Basically CA (certificate authorities) should be checking the domain name when an SSL cert is issued. Some do and some do not.

If you add unsecure objects / scripts, you will get an error like
quote:

This page contains both secure and nonsecure items.

Do you want to display the nonsecure items?
usually it is a coding error. Or people don't know / understand if they are buying cert themselves. Some people think it needs to be secure.example.com or ssl.example.

There are also wildcard certs - issued to *.example.com so subdomain.example.com, jaybee.example.com, reflect.example.com - etc are all called in a secure manner. Browsers used to not be able to handle these because the SSL was issued to *.example and not subdomain.example.com. Some hosting companies get a wildcard cert and then allow their users to use theirusername.example.com.

if you can generate your own CSR (certificate signing request) via the server, then you have more options to get an SSL cert.

If you do get the
quote:

The security certificate presented by this website was issued for a different website's address.
you should always double check to see what is happening. It could be a mistake or potential fraud



BobbyDouglas -> RE: EV certificates (12/15/2006 18:49:26)

The shared certs that you are talking about are usually something like https://host-name.server-group.com/~my-website

Shared certs are perfectly fine for most websites, however, the address url changes to something that is not the same as your website. So if you are at example.com and you use a shared cert, it will change the address to https://host-name.server-group.com/~my-website

A $15 cert will have the same level of security as Verisign's $1000 cert. You pay Verisign for their name.

I use Comodo SSL too. The service I get when I renew/buy certs is amazing.



Joe Hussar -> RE: EV certificates (12/16/2006 7:11:29)

Thank you all........... good discussion and very helpful!



jaybee -> RE: EV certificates (12/16/2006 9:55:07)

Sorted my problem out. This is not a shared cert. The host set it up for domain.co.uk but I had the store set up for www.domain.co.uk.

I went in and took the www off but as luck would have it, at about the same time, the host realised what they'd done and added the www. [&:]

I've now put the www back on the cart and all is hunky dory.



BobbyDouglas -> RE: EV certificates (12/16/2006 17:55:48)

I've had that problem before. People ask for the "domain" to install the cert on, I usually leave out the www when I deal with domain names, however with SSL certs that www is treated as a sub domain. Oh well [:(]



randylsmith -> RE: EV certificates (1/5/2007 18:05:32)

Has anyone figured out the how-to to get IE to stop telling people my good wildcard certificate is bad?

I'm using Windows Server 2003 with a Thawte Wildcard cert. I've done the bindings and all, but now, esp when you use IE 7, IE says there is a problem with the cert and that it doesn't match the web site.

Aaargh!




jaybee -> RE: EV certificates (1/5/2007 18:19:42)



What's the message?



randylsmith -> RE: EV certificates (1/5/2007 18:37:29)

Basically that the web site domain name doesn't match the certificate.

I may have found a clue at this web site: http://www.zen-cart.com/forum/archive/index.php/t-30469.html

Which basically says that on a wildcard, you can do x.domain.com but not w.x.domain.com because that means you have two subdomains. So, when I do www.mysubdomain.mydomain.com, that is causing the error with Microsoft. I am exploring this now.

RLS



jaybee -> RE: EV certificates (1/5/2007 18:54:44)

Normally when that message comes up you can check the cert name and the domain it says doesn't match, that'll give you a clue.

quote:

So, when I do www.mysubdomain.mydomain.com, that is causing the error with Microsoft. I am exploring this now.
That sounds right. www. is a subdomain.



BobbyDouglas -> RE: EV certificates (1/5/2007 19:24:20)

These are usually things best left to your host to fix for you. It could simply be a bad install of the cert.



randylsmith -> RE: EV certificates (1/6/2007 11:25:56)

I cannot wait for my host provider -- I AM the host provider!

I think BobbyDouglas had it right and I didn't clue in to his clue when I posted that. Microsoft seems to only want to certify one subdomain; why we can't wildcard-certify subdomains of subdomains is beyond me.

Nevertheless, this appears to be the answer. Don't use WWW's or anything else in front of your primary subdomain when doing wildcard certifications.



BobbyDouglas -> RE: EV certificates (1/6/2007 14:57:26)

After looking at this a bit more, apparently the Wildcard SSL certs are only good for first-level sub-domains. I always thought that you could have an unlimited number of sub domains (and sub domains of those sub domains) and still have the wildcard ssl encrypt the content.

Looks like you found out the answer yourself. [;)]



randylsmith -> RE: EV certificates (1/6/2007 15:48:11)

This is true, BD, thanks. I did find the answer. Once I removed the www., it worked just fine.
RLS



Page: [1]

Valid CSS!




Forum Software © ASPPlayground.NET Advanced Edition 2.4.5 ANSI
0.09375