Comparing SSL Certificates with Domain Verification
After the opening of the project HTTPS.menu, I decided to make a small comparison of certificates from different certification centers with verification only by the domain name.
Domain verification looks quite simple - to one of the email addresses of the following type: admin@domain.zone, administrator@domain.zone, hostmaster@domain.zone, postmaster@domain.zone, webmaster@domain.zone, or e-mail address from whois a letter arrives with a verification code, and the user must confirm ownership of the domain by clicking on the link and indicating the secret key received in the letter. After that the certificate comes to mail.
')
Today, the review focuses on 5 different certificates from 3 certification authorities:
Comodo PositiveSSL
RapidSSL
Comodo EssentialSSL
Thawte SSL123
GeoTrust QuickSSL premium
The cheapest of these certificates is PositiveSSL from COMODO, you can buy it from resellers at a price of 4.5 dollars (342 rubles) or 278 rubles if paid for over 3 years . This certificate has IDN support.
After ordering the certificate, an email arrives with a request to follow the link and enter the verification code, so the verification center determines that the certificate is provided to a person who has the right to manage the domain.
Go to the secret code entry page:
We specify the code and get thanks. The “Close window” button, unfortunately, was not working.
5 minutes after that, an email with the certificate itself comes to the mail. The certificate comes in plain text directly in the letter, in addition to the letter attached archive with a copy of the certificate and additional files for its correct operation.
In a chain, these files must be combined in the following order:
COMODORSADomainValidationSecureServerCA.crt
COMODORSAAddTrustCA.crt
AddTrustExternalCARoot.crt
After that, you need to install the certificate on the web server and get the green https text before the domain name in the address bar of the browser.
In addition to the certificate from COMODO, another letter comes with the subject “Your COMODO SSL TrustLogo is ready". It is not clear why this is needed, but the certification center suggests installing a picture on your website that will help visitors determine that the site is using an https connection.
The next most expensive one is the RapidSSL certificate, which can be purchased at a price of 690 rubles or 8 dollars (620 rubles) if paid for over 3 years. This certificate is almost always distinguished into a separate type, but GeoTrust releases it. It does not support IDN.
The verification process for this certificate is slightly different - an email comes with a link, but the verification code is already “sewn up” in the link, so after clicking on the link, we are asked to click on the confirmation or rejection of the certificate issue.
After a few minutes, an email arrives with a certificate and Intermediate CA in plain text.
Next comes the cost of the certificate COMODO EssentialSSL, its price starts from 720 rubles for 1 year or 600 rubles when buying for 3 years at once . The certificate does not support IDN.
The release of this certificate is completely analogous to the release of PositiveSSL. A similar archive with a certificate and additional files comes to the mail, as well as an offer to put the COMODO logo on your website.
The price for the certificate of Thawte SSL123 starts from 1920 rubles when paying for the year and 1931 rubles. when you pay for 3 years.
The process of issuing this certificate is identical to RapidSSL and QuickSSL Premium, except for the logo of the certification authority and the site on which the confirmation takes place.
After that comes a letter with a certificate and Intermediate CA. The certificate supports IDN.
The most expensive certificate from the review is QuickSSL Premium from GeoTrust, the price of which starts from $ 48.50 (3,681 rubles) when paid for a year and $ 41.66 (3162 rubles) when paid for 3 years.
This certificate supports IDN domains. By purchasing this certificate you get the opportunity to use it for several different domains.
The process of issuing a certificate coincides with the release of RapidSSL, the letters and the confirmation form are completely the same, except for the name of the certificate.
The certificates presented are almost completely identical with each other, with the exception of IDN support and the availability of SAN with QuickSSL Premium. If you need a certificate, and free analogues (StartSSL or Let's Encrypt) do not fit, then in my opinion, PositiveSSL would be an excellent choice. The price of the certificate is the lowest on the market, and the benefits are not inferior to more expensive counterparts.
PS Last week, a website for dedicated servers DEDICATED.menu opened in beta. Now we are actively looking for hosters for cooperation and adding tariffs. Email us at info@hosting.cafe or via the feedback form to learn more.
PPS I want to express my gratitude to the staff of the project firstssl.ru for their help with the purchase and revocation of certificates.
Domain verification looks quite simple - to one of the email addresses of the following type: admin@domain.zone, administrator@domain.zone, hostmaster@domain.zone, postmaster@domain.zone, webmaster@domain.zone, or e-mail address from whois a letter arrives with a verification code, and the user must confirm ownership of the domain by clicking on the link and indicating the secret key received in the letter. After that the certificate comes to mail.
')
Today, the review focuses on 5 different certificates from 3 certification authorities:
Comodo PositiveSSL
RapidSSL
Comodo EssentialSSL
Thawte SSL123
GeoTrust QuickSSL premium
The cheapest of these certificates is PositiveSSL from COMODO, you can buy it from resellers at a price of 4.5 dollars (342 rubles) or 278 rubles if paid for over 3 years . This certificate has IDN support.
After ordering the certificate, an email arrives with a request to follow the link and enter the verification code, so the verification center determines that the certificate is provided to a person who has the right to manage the domain.
Go to the secret code entry page:
We specify the code and get thanks. The “Close window” button, unfortunately, was not working.
5 minutes after that, an email with the certificate itself comes to the mail. The certificate comes in plain text directly in the letter, in addition to the letter attached archive with a copy of the certificate and additional files for its correct operation.
In a chain, these files must be combined in the following order:
COMODORSADomainValidationSecureServerCA.crt
COMODORSAAddTrustCA.crt
AddTrustExternalCARoot.crt
After that, you need to install the certificate on the web server and get the green https text before the domain name in the address bar of the browser.
In addition to the certificate from COMODO, another letter comes with the subject “Your COMODO SSL TrustLogo is ready". It is not clear why this is needed, but the certification center suggests installing a picture on your website that will help visitors determine that the site is using an https connection.
Screenshot from ssllabs.com
Certificate screenshots in the browser
The next most expensive one is the RapidSSL certificate, which can be purchased at a price of 690 rubles or 8 dollars (620 rubles) if paid for over 3 years. This certificate is almost always distinguished into a separate type, but GeoTrust releases it. It does not support IDN.
The verification process for this certificate is slightly different - an email comes with a link, but the verification code is already “sewn up” in the link, so after clicking on the link, we are asked to click on the confirmation or rejection of the certificate issue.
After a few minutes, an email arrives with a certificate and Intermediate CA in plain text.
Screenshot from ssllabs.com
Certificate screenshots in the browser
Next comes the cost of the certificate COMODO EssentialSSL, its price starts from 720 rubles for 1 year or 600 rubles when buying for 3 years at once . The certificate does not support IDN.
The release of this certificate is completely analogous to the release of PositiveSSL. A similar archive with a certificate and additional files comes to the mail, as well as an offer to put the COMODO logo on your website.
Screenshot from ssllabs.com
Certificate screenshots in the browser
The price for the certificate of Thawte SSL123 starts from 1920 rubles when paying for the year and 1931 rubles. when you pay for 3 years.
The process of issuing this certificate is identical to RapidSSL and QuickSSL Premium, except for the logo of the certification authority and the site on which the confirmation takes place.
After that comes a letter with a certificate and Intermediate CA. The certificate supports IDN.
Screenshot from ssllabs.com
Certificate screenshots in the browser
The most expensive certificate from the review is QuickSSL Premium from GeoTrust, the price of which starts from $ 48.50 (3,681 rubles) when paid for a year and $ 41.66 (3162 rubles) when paid for 3 years.
This certificate supports IDN domains. By purchasing this certificate you get the opportunity to use it for several different domains.
The process of issuing a certificate coincides with the release of RapidSSL, the letters and the confirmation form are completely the same, except for the name of the certificate.
Screenshot from ssllabs.com
Certificate screenshots in the browser
The certificates presented are almost completely identical with each other, with the exception of IDN support and the availability of SAN with QuickSSL Premium. If you need a certificate, and free analogues (StartSSL or Let's Encrypt) do not fit, then in my opinion, PositiveSSL would be an excellent choice. The price of the certificate is the lowest on the market, and the benefits are not inferior to more expensive counterparts.
PS Last week, a website for dedicated servers DEDICATED.menu opened in beta. Now we are actively looking for hosters for cooperation and adding tariffs. Email us at info@hosting.cafe or via the feedback form to learn more.
PPS I want to express my gratitude to the staff of the project firstssl.ru for their help with the purchase and revocation of certificates.
Source: https://habr.com/ru/post/278255/
All Articles