Is there any technical security reason not to buy the cheapest SSL certificate you can find?

  • While shopping for a basic SSL cert for my blog, I found that many of the more well-known Certificate Authorities have an entry-level certificate (with less stringent validation of the purchaser's identity) for approximately $120 and up. But then I found that Network Solutions offers one of these lower-end certs for $29.99 (12 hours ago it was $12.95) with a 4-year contract.

    Is there any technical security reason that I should be aware of that could make me regret buying the lowest-end certificate? They all promise things like 99% browser recognition, etc. I'm not asking this question on SE for comparison of things like the CA's quality of support (or lack thereof) or anything like that. I want to know if there is any cryptographic or PKI reason to avoid a cert which costs so little. It, like others, says that it offers "up to 256 bit encryption".

    "_it offers 'up to 256 bit encryption'_": no, the CA or cert does not! **Your TLS server does.**

    If you still decide to go for the 'cheapest', do remember that you can get them for free (http://startssl.com being one such provider)

    Because Godaddy is a douchenozzle? There are plenty of other cheaper options, rapidssl, geotrust, etc.

    Talking about 256 bit encryption in the context of certificates is nonsense. That part of SSL is completely independent of certificates.

    Note that as of today, you can just get a good and trusted SSL/TLS certificate for free from a project backed by Mozilla and EFF. Take a look at https://letsencrypt.org

    Update: in late 2016 StartCom (aka **StartSSL**) was bought by **WoSign**, who were caught issuing and backdating certs in violation of CABforum rules, and are **now widely distrusted**; see https://security.stackexchange.com/questions/18919/are-there-technical-disadvantages-in-using-free-ssl-certificates (and https://security.stackexchange.com/questions/91292/how-do-i-report-a-security-vulnerability-about-a-trusted-certificate-authority !)

    Duly noted. Thank you for the update on StartSSL. As it happens, I'm using a different CA now, but not for that particular reason.

  • Tim Brigham, correct answer, 9 years ago

    For the purposes of this discussion there are only a couple differences between web signing certificates:

    1. Extended vs standard validation (green bar).
    2. Number of bits in a certificate request (1024/2048/4096).
    3. Certificate chain.

    It is easier to set up certificates with a shorter trust chain, but there are inexpensive certs out there with a direct or only one-level-deep chain. You can also get the larger 2048- and 4096-bit certs inexpensively.

    As long as you don't need the extended validation there is really no reason to go with the more expensive certificates.

    There is one specific benefit that going with a larger vendor provides - the more mainline the vendor, the less likely they are to have their trust revoked in the event of a breach.
    For example, DigiNotar is a smaller vendor that was unfortunate enough to have their trust revoked in September 2011.

    "_The more mainline the vendor the less likely they are to have their trust revoked in the event of a breach._" correct, but "too big to fail" principle stinks! :(

    @MrGlass It is not so much trust in the CA as **trust that the very big CA will not be punished, ever, for doing evil things** because that would punish its clients too. It's true and it stinks.

    @Tim, are there even CAs that sell 4096-bit certs?

    @Pacerier If your CSR (certificate signing request) has a 4096-bit key, most CAs would accept it the same way as a CSR with only 2048 bits. By the way, Let's Encrypt (https://letsencrypt.org/) is a free, non-profit CA that issues standard domain validation certificates.
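As an added example (not part of Tim Brigham's answer or any poster's code), the shell script below builds a throwaway root, intermediate and leaf with the `openssl` CLI to make points 2 and 3 of the answer, and the CSR remark in the last comment, concrete: the key size is fixed by whoever generates the CSR (here a 4096-bit leaf key, which the "CA" signs exactly as it would a 2048-bit one), and a certificate issued through an intermediate only verifies when that intermediate is supplied, which is the extra setup a deeper chain costs you. The names ("Demo Root CA", "Demo Issuing CA", `blog.example`) are invented for the demo; it assumes OpenSSL 1.1.1 or later is installed.

```shell
#!/bin/sh
# Added demo, not from the original thread. Builds a three-level test PKI
# in a temp dir and checks (a) the key size the applicant put in the CSR and
# (b) whether the leaf verifies with and without the intermediate present.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
cd "$WORK"

# Minimal req config so the demo does not depend on the system openssl.cnf.
# The DN comes from -subj, so the [dn] section can stay empty.
cat > req.cnf <<'EOF'
[req]
distinguished_name = dn
[dn]
EOF

# Extensions applied at signing time: CA certs need CA:TRUE + keyCertSign or
# `openssl verify` will not accept them as issuers; the leaf gets a SAN.
cat > ext.cnf <<'EOF'
[ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
subjectKeyIdentifier = hash
[leaf]
basicConstraints = critical,CA:FALSE
keyUsage = critical,digitalSignature,keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = DNS:blog.example
EOF

# mkcsr NAME BITS SUBJECT: the applicant chooses the RSA size here, not the CA.
mkcsr() {
  openssl req -new -newkey "rsa:$2" -nodes -config req.cnf \
    -subj "$3" -keyout "$1.key" -out "$1.csr" >/dev/null 2>&1
}

# Root: self-signed trust anchor (what a browser trust store would hold).
mkcsr root 2048 "/CN=Demo Root CA"
openssl x509 -req -in root.csr -signkey root.key -days 3650 -sha256 \
  -extfile ext.cnf -extensions ca -out root.pem >/dev/null 2>&1

# Intermediate: signed by the root, itself a CA.
mkcsr intermediate 2048 "/CN=Demo Issuing CA"
openssl x509 -req -in intermediate.csr -CA root.pem -CAkey root.key \
  -CAcreateserial -days 1825 -sha256 \
  -extfile ext.cnf -extensions ca -out intermediate.pem >/dev/null 2>&1

# Leaf: a 4096-bit key in the CSR, signed by the intermediate like any other.
mkcsr leaf 4096 "/CN=blog.example"
openssl x509 -req -in leaf.csr -CA intermediate.pem -CAkey intermediate.key \
  -CAcreateserial -days 365 -sha256 \
  -extfile ext.cnf -extensions leaf -out leaf.pem >/dev/null 2>&1

# csr_key_bits FILE: prints the RSA modulus size recorded in a CSR.
# Works with the "RSA Public-Key:" (1.1.1) and "Public-Key:" (3.x) wording.
csr_key_bits() {
  openssl req -in "$1" -noout -text | sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p'
}

# Chain checks: return 0 (success) or non-zero like `openssl verify` does.
verifies_with_root_only() {
  openssl verify -CAfile root.pem leaf.pem >/dev/null 2>&1
}
verifies_with_intermediate() {
  openssl verify -CAfile root.pem -untrusted intermediate.pem \
    -verify_hostname blog.example leaf.pem >/dev/null 2>&1
}

echo "key size chosen in the leaf CSR: $(csr_key_bits leaf.csr) bits"
if verifies_with_root_only; then
  echo "leaf verifies against the root alone"
else
  echo "leaf does NOT verify against the root alone (intermediate missing)"
fi
if verifies_with_intermediate; then
  echo "leaf verifies for blog.example once the intermediate is supplied"
fi
```

The second check is the one that bites in practice: a server that only sends its leaf and forgets the intermediate looks fine on a machine that happens to have the intermediate cached and fails everywhere else. `openssl s_client -connect host:443 -showcerts` shows exactly which certificates a live server sends, so you can confirm the intermediate is in the chain before going live.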

License under CC-BY-SA with attribution


Content dated before 7/24/2021 11:53 AM