OpenSRS: Reseller Friendly since 1999
 

Posts Tagged ‘SSL’

Which Site Seal do People Trust the Most? (2013 Survey Results)

We just found some interesting third-party research from the Baymard Institute regarding consumers’ perceptions of SSL and Trust seals. The survey, from January 2013, focused specifically on e-commerce websites and gave the following results, showing Trust seals outpacing all of the SSL seals with the exception of Norton.

It’s an interesting article, and I recommend clicking through to read more about the results and some of the implications, including their suggestion that sites show multiple seals to increase perceived site security, while also, of course, improving site security.

Survey of SSL Seals

SAN and wildcard certificates – what’s the difference?

Last week OpenSRS added a bunch of new SSL certificate products to our already extensive lineup, and lowered costs on EV and a couple of popular wildcard certificates.

The new certs are all Subject Alternative Name or SAN certificates – they allow for more than one fully qualified domain name to be protected using a single certificate.

The certificate information for a GeoTrust EV certificate with the SAN option. In this case, a single certificate for geotrust.com also protects geotrust.net.

Since the launch, we’ve received a few queries about SAN certificates and how they differ from wildcard certs. With that in mind, I’ve put together a quick reference guide here.

Let’s start with a basic look at both wildcard and SAN certs.

  • Wildcard: a wildcard certificate allows for unlimited subdomains to be protected with a single certificate. For example, you could use a wildcard certificate for the domain name opensrs.com and that cert would also work for mail.opensrs.com, ftp.opensrs.com and any other subdomain. The wildcard refers to the fact that the cert is provisioned for *.opensrs.com.
  • SAN: a SAN cert allows for multiple domain names to be protected with a single certificate. For example, you could get a certificate for opensrs.com, and then add more SAN values to have the same certificate protect opensrs.org, opensrs.net and even tucows.com.

Some important things to note:

Depending on the specific brand and certificate product, the SAN cert will include either one or four additional domains at the price quoted on our chart. Additional SAN values can usually be added up to a maximum number of either 5 or 25 total domains (including the base domain).

In most cases, the SAN values can be changed at any time during the life of the certificate – you’d just need to change the value, and then do a free re-issue.

When to choose a wildcard, and when to choose a SAN:

Wildcard certs are great for protecting multiple subdomains on a single domain. In many cases, the wildcard cert makes more sense than a SAN because it allows for unlimited subdomains and you don’t need to define them at the time of purchase. You could provision *.opensrs.com and if, at any time during the life of the certificate, you decided to add www3.opensrs.com or mail.opensrs.com, that cert would just work, no reissue required.

If, on the other hand, you need to protect multiple domain names, then the SAN certificate might be the right choice. Protecting alternative domains with the same website (opensrs.com and opensrs.net) is a great example. One caveat – you need to define the additional domains and add them to the certificate for it to work.

SAN certificates, like wildcard certs, are a great way to save some money and also to make administration a bit easier as you can reduce the number of certificates provisioned since they cover multiple domains.
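The coverage difference between a wildcard entry and a list of SAN values can be checked mechanically. The following is an added example, not OpenSRS code: it applies the usual browser matching rules (a wildcard stands for exactly one left-most label) to constructed SAN lists built from the names used in this post. The function names, the host list and the "wildcard plus base domain" list are assumptions made for illustration.

```python
# Added example (not OpenSRS code): which hostnames a certificate's SAN
# dNSName entries cover, using the usual browser matching rules.

def _labels(name):
    """Lower-case a DNS name, drop a trailing dot, split into labels."""
    return name.rstrip(".").lower().split(".")

def san_entry_matches(entry, hostname):
    """True if one SAN dNSName entry covers hostname."""
    e, h = _labels(entry), _labels(hostname)
    if len(e) != len(h) or "" in h:
        return False                      # a wildcard never spans extra labels
    if e[0] == "*":
        # Wildcard must be the whole left-most label, with at least two
        # labels after it, so "*.com" is never honoured.
        return len(e) >= 3 and "*" not in "".join(e[1:]) and e[1:] == h[1:]
    if "*" in entry:
        return False                      # partial wildcards (w*.x.com) rejected here
    return e == h

def covered(san_entries, hostname):
    return any(san_entry_matches(e, hostname) for e in san_entries)

def uncovered(san_entries, hostnames):
    """Hostnames from a deployment list that the certificate would NOT protect."""
    return [h for h in hostnames if not covered(san_entries, h)]

# Constructed SAN lists modelled on the names used in the post.
WILDCARD_ONLY = ["*.opensrs.com"]
WILDCARD_PLUS_BASE = ["*.opensrs.com", "opensrs.com"]   # assumption: base domain listed too
MULTI_DOMAIN_SAN = ["opensrs.com", "opensrs.org", "opensrs.net", "tucows.com"]

# Constructed deployment list to check against each certificate.
HOSTS = ["opensrs.com", "mail.opensrs.com", "www3.opensrs.com",
         "a.mail.opensrs.com", "opensrs.net", "tucows.com"]

if __name__ == "__main__":
    for label, sans in [("wildcard only", WILDCARD_ONLY),
                        ("wildcard + base", WILDCARD_PLUS_BASE),
                        ("multi-domain SAN", MULTI_DOMAIN_SAN)]:
        print(f"{label:17} misses: {uncovered(sans, HOSTS)}")
```

Running `uncovered` over the hostnames a customer actually serves shows which product fits: a bare `*.opensrs.com` entry misses both the base domain and any second-level subdomain such as `a.mail.opensrs.com`, while the multi-domain list misses every subdomain that was not named.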

One last note – the unique QuickSSL Premium with SAN:

We also sell a bit of a hybrid product – the GeoTrust QuickSSL Premium with SAN. This cert is a bit different than the rest of our SAN products. It allows for the protection of four subdomains in addition to the base domain. That makes it more like a restricted wildcard certificate than a true SAN. You also have to add the subdomains at the time of purchase, and they can’t be altered once the cert is provisioned.

You might wonder, as I did initially, why it even exists. Priced at $125, it’s a lower cost product that’s quite a bit cheaper than our least expensive wildcard certificate (the Comodo SSL Wildcard – $199). It’s also a domain-validated certificate (as opposed to being organizationally validated as all of our other SAN certs are) which means that issuance is fast.

For applications where you know the subdomains that you want to have protected, the GeoTrust QuickSSL Premium with SAN is a nice option.

Further questions? Just ask!

I hope that helps a bit in terms of understanding the applications for both these new SAN certificates and also for wildcard certs. If you have any questions about which certificate is best for your customer’s specific application, feel free to ask in the comments of this post, or get in touch with OpenSRS Reseller Support.

Big SSL News: New Super Low EV Pricing and UC/SAN Certs

We have some big news to share today regarding SSL certificates. There are two parts to the announcement, and both are pretty exciting:

First off, we’re cutting pricing on Extended Validation certificates across the board. We’re getting very aggressive with EV SSL pricing and we’re committed to being the low price leader in the category and to making EV more accessible for your small- and mid-sized business customers.

Next, we’re bringing UC/SAN certificates to OpenSRS. For those who have been asking about UC/SAN certs, the wait is over – you can now add the UC/SAN option to many of our SSL certificate products including Symantec, GeoTrust and Thawte brands. That further cements your ability to provide the appropriate certificate to your customers no matter the brand, certificate type, price point or level of protection required.

We’ve updated our Trust Service pricing page on OpenSRS.com to provide you with more information including the new pricing for EV certificates, and which products have the new UC/SAN option.

The SSL pricing chart is getting a bit out of hand (in a good way) with over 40 products, so we added some nifty filtering and sorting options that let you narrow down the product list and zero in on what you want to sell. Check it out!

We’re happy to answer any questions you might have. Drop a comment on this post, visit the OpenSRS forum, or contact Reseller Support.

Rethinking SSL Marketing

I’ve talked in the past about starting the sales process for SSL certificates “upstream” – that is, offering the appropriate certificate to your customer after assessing their needs, rather than immediately going to a lower cost domain validated certificate.

You can have a look at that post if you missed it, but the basic premise is that domain validated certificates are great for individuals, while organization and extended validation certificates should be the default certificate that you sell to your business customers.

SSL marketing – some new ideas

Expanding on that a bit, I want to get into how SSL is marketed these days and hopefully give you some ideas that you can use to stand out from the crowd and do things a little differently.

Those who sell SSL generally know the difference between a domain-validated certificate and an organization or extended validated certificate. But do your customers who are buying SSL know the difference, and more importantly, do they really need to know?

I’ve looked at a ton of sites selling SSL lately and I noticed that the vast majority of these companies sell SSL certificates using buzzwords, comparison charts and acronyms. It’s OV vs. DV and EV, UCC/SAN, multi-domain this and dynamic vs. static seal that.

Spec sheets are great for people who understand specs, and I’m not saying you shouldn’t have one on your site – some customers will be looking for that information and it’s good to have it. Apple keeps things simple when it comes to buying a MacBook Pro, but if you want to know which processor and how much L3 cache there is, the info is just a click away.

But the average certificate buyer will end up skimming over all this info they don’t understand and hitting on the one thing they do understand: the price. But without that understanding of what makes the products different, they won’t know why a TrueBusiness ID certificate is more expensive than a QuickSSL.

Educate or simplify

You have a couple of options to counter this: spend time educating customers on the differences (SSL 101), or take the confusion out of your marketing.

In my travels around the web, I also found a couple of examples of companies taking a bit of a different approach to selling SSL:

You’ll note some similarities – gone are most of the buzzwords and acronyms. Instead both examples provide easy-to-understand guidance. Are you a small business? Then the Premium or Business plan is for you.

Most buyers will understand Standard vs. Pro vs. Business SSL and self-select the right certificate for their needs. But if they don’t, one provider offers a nice interactive simulator that asks a few questions and tells the user what they should buy (in some cases, it’s the inexpensive Standard cert that is suggested – the goal, remember, is to sell the appropriate certificate for their needs).

Selling the right SSL certificate to the customer is job one

Take a look at your own marketing for SSL and see if you can do things a little differently. Maybe the goal is to move your small business customers to an organization-validated certificate from a domain-validated product (and push up your margins a bit in the process). A little effort around education and simplification of your marketing might be all you need to do to accomplish that.

Ensuring that your customer gets the appropriate SSL certificate for their needs should be priority one.

Why Business Customers Should Use Organization Validated SSL Certificates

Of the three types of SSL certificate validation, which one do you understand the least? I’m willing to bet it’s organization validation (OV).

For the uninitiated, there are different validation methods for different types of SSL certificates. In simple terms:

  • Domain Validated (DV): This is the least rigorous validation method. The Certificate Authority (CA) checks to see that the applicant’s name and contact information match what is stored in the WHOIS database for the domain name associated with the SSL Certificate.
  • Organization Validated (OV): In the case of an OV certificate, the CA performs a much more substantial validation process. This includes checking the applicant’s business credentials (through databases including the Articles of Incorporation) and even making sure that the company’s physical address matches the application.
  • Extended Validation (EV): This is the highest level of validation and can take as long as a few days to complete. The validation process includes checks of physical location, phone calls to ensure the applicant is authorized to order the certificate on behalf of the company or business represented, and more.

Offer at least an OV cert for your business customers

For individuals, a DV certificate is the most affordable and logical choice to provide simple encryption for things like logins.

But for business, a domain validated certificate simply isn’t the appropriate choice. If you have small- and mid-sized business customers, at the bare minimum, they should be using an organization validated certificate to ensure that visitors to their website see that additional information about the organization in the certificate.

A good rule of thumb is this: if the certificate is issued to a company, then it should be one that requires validation of that company – either OV or EV. And any time there are transactions occurring on a website, an OV or EV certificate should be used to instill confidence in the customer that their data is safe and that they are dealing with who they think they are.
