Why do webmasters have to get an updated SSL certificate?
In a strategy to secure the web, Google is pushing webmasters to secure communications between their websites and their visitor’s devices. Thus, since July 2018, Google Chrome will flag publicly all websites that are not secured;
The good thing about Google Chrome is that it updates automatically. And since Google Chrome has the biggest share, with 58% of the world wide web browsing, we can assume that at least 58% of the visitors will face the message if the website is not updated.
This means that all webmasters should take care seriously the message to update their SSL certificates so they can show how safe are their websites to their customers.
SSL certificates are replaced by TSL certificates
At the same time, SSL certificates are being deprecated. The 3.0, last version of the SSL, updated in 1996, became way too easy to hack. Though webmasters and suppliers are still widely using the name and today’s certificates are in fact TSL certificates.
The latest version of the TSL is v1.2, developed in 2008. The Internet Engineering Task Force, IETF, is currently, July 3rd, 2018, at its draft of the v1.3. The only browsers to support v1.3 are Google Chrome and Mozilla Firefox.
Where to find TSL / SSL certificates?
Now we know that webmasters need an SSL / TSL certificate, the question is to find the place to get it. Many different suppliers, different offers. We’ve been doing wild research on the SSL market. They are called Certificate authorities.
The process to find the best SSL certificate
We started to screen the biggest suppliers in the market. Why? There are a lot of Certificate authorities and we needed to focus on a limited quantity.
List of selected SSL Certificate authorities
- GeoTrust; https://www.geotrust.com/
- Thawte; https://www.thawte.com/
- RapidSSL; https://www.rapidssl.com/
- DigiCert; https://www.digicert.com/
- IndenTrustSSL; https://www.identrustssl.com/
- GoDaddy; https://godaddy.com/
- 911micro; https://web.911micro.com/
- Comodo; https://www.comodo.com/
- Network Solutions; https://www.networksolutions.com/index.jsp
We listed the common features of an SSL certificate, such as:
- Issuance; the time to deliver the certificate. That can be really painful if your website is blocked by Google Chrome.
- Warranty; All certificate authorities provide a warranty in case of a breach, as a pledge of confidence, to say that they believe in their certificate so much that they are ready to pay you if something bad happened.
Nota bene; while surfing through the terms and conditions we discovered that all warranties are not as simple as described on the frontend of their website. To summarize, even if they show 1 million dollars, you might end up with only 10000 dollars. We’ll try to improve the research.
- Encryption; all certificate authorities of our comparison offer the same encryption today, Standard X.509 certificates, Symmetric 256-bit encryption RSA public-key SHA-2 algorithm (supports hash functions: 256, 384, 512), ECC public-key cryptography (supports hash functions: 256 and 384), 2048-bit public key encryption (3072-bit and 4096-bit available).
- SAN; some certificate authorities offer the opportunity to extend the basic SSL certificate with one or many Subject Alternative Name to bonify their offer and help webmasters to manage their hosting in an easy way.
- Green browser address bar / Extended Validation Certificates are not part of this comparison yet. This market research will come in an upcoming post.
SSL certificate comparison table
The result of the SSL certificate comparative
- if the price is the most important; try Let’s encrypt
- if you need an easy and affordable SSL certificate provider, try 911micro
Let us know if we are missing some points to consider ! You can comment below.