[development] A Rose By Any Other Name... SSL Certs

Bob Hutchinson hutchlists at midwales.com
Tue Mar 1 12:21:26 UTC 2011

On Tuesday 01 March 2011, nan wich wrote:
> The way I approach things like this is that I am not a permanent employee
> of the company, therefore I do not acquire assets for the company if
> that asset outlives my tenure. I do this whether that asset has a cost or
> not. I won't even get a Google Analytics key, which is free. Someone who
> is permanently with the company must acquire it and provide me with the
> usage information, such as keys. What are they going to do when that
> certificate expires, call you back for ten minutes of work?

With Rapidssl (now Startssl) it is the Administrative Contact in whois that 
has to acquire the cert and it is that phone number, address and email address 
that will be used.
I imagine that it is something similar with Thawte/Verisign

> Nancy
> Injustice anywhere is a threat to justice everywhere. -- Dr. Martin L.
> King, Jr.
> ________________________________
> From: Gordon Heydon <gordon at heydon.com.au>
> To: Drupal Development <development at drupal.org>
> Sent: Mon, February 28, 2011 11:43:49 PM
> Subject: [development] A Rose By Any Other Name... SSL Certs
> Hi,
> I have a new client and they require me to get an SSL certificate. Ideally
> an EV certificate because they detail with financial information (not
> credit cards) and would ideally require a higher level of identifiable
> security that what a standard certificate provides.
> Usually for clients that do not really require any real security for there
> website and when a self signed certificate will do, I will use a free
> certificate from startssl.com, not only does it give the full security
> their certificate authority is recognised by all browsers.
> While grabbing a certificate for another client I noticed that they offer
> an EV certificate for US199 for 2 years, where as thawte.com (who I
> usually use when I need a proper certificate) for the same certificate si
> $US995 for 2 years. and verisign is 1730 for the same.
> I know that technically there is zero difference in security between the 2
> providers and they will both provide the exact some levels of encryption.
> The EV certificate from startssl.com is 1/5 of the price of one from
> thawte.com so looking that it is a much better financially. but the issue
> is really "trust". Thawte.com or even Verisign have a much higher level of
> trust and what startssl.com has. Would a normal person (not like us)
> really care about this.
> Remember also to provide an EV certificate you still need to meet some
> strict guidelines.
> I am conflicted with this, on the one hand I can provide my client with a
> financially acceptable option that will give their clients a much higher
> level of identity, and make sure they are dealing with my client, but on
> the other hand it is not a thawte/verisign.
> Comments please.
> Thanks in advance.
> Gordon.

Bob Hutchinson
Midwales dot com

More information about the development mailing list