We are often asked by customers  why they should pay more for an SSL certificate from LuxSci/Thawte instead of purchasing from a third party provider like Go Daddy.  I.e., what justifies the added expense?

There are two key considerations in choosing Thawte SSL from LuxSci:

1. The recognition of an SSL certificate from Thawte.
2. The benefit of LuxSci managing the order process, installation and subsequent SSL renewals.

The recognition of an SSL certificate from Thawte

There are many advantages to using SSL certificates from Thawte.com, which is a subsidiary of Verisign.

• Highly Credible Online Security For Professional Level Websites That’s Fast, Reliable and Cost-Effective – Thawte is a highly respected and established Web Trust compliant security organization.  If your website has high transaction volumes, or if you are a hosting provider with a Service Level Agreement (SLA), then Thawte can provide highly trusted professional and enterprise-class certificates.
• Highly trusted and highly credible SSL Certificates – Thawte is the 2nd largest Certification Authority in the world, and Verisign is the Largest!
• Single certificate install – no chained installation – Thawte uses GeoTrust’s own root SSL certificate – its root is already trusted and present in all popular browsers
• GeoTrust and Thawte products are most compatible with Mobile devices with high ubiquity levels. GeoTrust owns it’s root certificates (i.e. no intermediate certificates and chains of trust are needed).
• Compatible with 99%+ of all browsers and web servers
• Site Seals – Thawte site seals are an effective way to make sure your customers know your site has the stamp of approval from a leading global Certificate Authority for secure e-business transactions. Their patented smart seal technology provides fast, reliable and user-friendly web site identity authentication, and instant proof to your customers that your site can be trusted.
• Thawte Trusted SiteSeals are dynamically-generated when someone accesses your site, and display a live time and date stamp and/or your company name. Users can click on a site seal to display additional verification information.
  Like Thawte SSL Certificates, these enhance your customer’s confidence with the prestige of the Internationally recognized Thawte brand name.

The benefit of LuxSci managing the entire process

While you can provide LuxSci with your own SSL certificate after you purchase it from a third party provider, we recommend that LuxSci purchase your SSL certificate to ensure the quickest and easiest setup experience:

• We will purchase an SSL123 certificate from our partner Thawte.com (or other type of certificate if desired).  Thawte SSL123 with site seal is rated one of the most popular and trusted Domain Validated Certificates in the US as well as globally.
• We will take care of gathering all needed information from you and will coordinate with Thawte.
• We will make sure that the certificate does not expire on you from year-to-year by tracking the certificate and coordinating renewals with you.
• Your certificate will:
  • Use 2048-bit keys
  • Support 128-bit and 256-bit encryption
  • Have the highest degree of browser compatibility available
  • Not require any intermediate certificates
  • Be very well trusted by your end users as it will be issued by Verisign/Thawte
• We will bill you for the certificate — so you pay us for your certificate as part of your normal LuxSci invoice.
• You get a discount on the monthly cost of the required associated dedicated IP address.
• You have a single point of contact for support and billing for your services — LuxSci.
• Certificate ordering, renewal, and maintenance will be taken care of by LuxSci.

What about Go Daddy?  They are “so inexpensive!”

• Trust? Most people likely associate Go Daddy with their recent string of sexually-explicit SuperBowl commercials. Is this the first thing you want your customers thinking of when dealing with trusted online security?
• Validation? The majority of Go Daddy’s certificates are domain-validated. They only validate that the domain is registered by performing a WHOIS lookup. If it is, the certificate is automatically sent to the email address listed for the domain. (I.e. this is not very secure)
• The bulk of GeoTrust, RapidSSL and Thawte products are organization-validated products where they perform a full verification of your business, the ownership of your domain, and your authority to apply for the certificate. Their authentication procedures provide the highest level of trust in the industry. Go Daddy’s do not.
• Go Daddy’s Root Certificates are not included in Safari. Therefore, almost 7% of visitors will receive error messages when accessing your site, unless you take extra steps to install additional certificate chains on the web server. This could cost a business more than any difference in certificate price.
• Go Daddy’s certificates require an intermediate certificate to be installed for their use. This is because Go Daddy is down the food chain from upper level, more trusted certificate vendors. The validity of all Go Daddy certificates depends on this chain of trust remaining in place and all dependent business relationships remaining unchanged!
• Go Daddy’s core business is as a domain registrar and offers SSL as an add-on. SSL has always been a core business of GeoTrust, RapidSSL and Thawte and will remain so. SSL will get less attention at Go Daddy.
• Compared to Go Daddy, Thawte is under the Verisign umbrella and has more customer and technical support resources in three different geographies / time zones.

Consider the following when providing your own SSL certificate:

• You have to order the certificate yourself.
• You are responsible for ensuring that your certificate does not expire and you must take the initiative for renewing it.
• If there are any issues with your SSL certificate, you must deal with the support from your third party provider yourself.

Similar Posts:

• Extended Validation (EV) SSL Certificates
• Do I need to Buy an SSL Certificate to use Secure Email?
• How Does Secure Socket Layer (SSL or TLS) Work?
• Recipe: Completely Secure Collection of Web Form Data using SSL and PGP or S/MIME
• How to Install S/MIME (and PGP) Encryption Certificates into Major Email Clients