Once you’ve decided what kind of SSL you need, whether that be a Wildcard SSL, Multi-Domain, or one-site certificate, you are then tasked with deciding where exactly you should buy it from. With hundreds of SSL stores vying for your attention, how do you know which ones are worth buying from and which would be a mistake? The answer might be a little unexpected, because the most important thing is not price or bells and whistles. Your decision should begin with trust.
Certificate Authorities matter
You might have heard the words Certificate Authority (CA) and Public Key Infrastructure bandied about a great deal, and like most people, you didn’t pay a whole lot of attention. But actually, your choice of CA really does matter when choosing an SSL. Here’s why.
First, let’s talk about PKI. It’s basically the system that maintains your privacy and security across the World Wide Web. It covers everything involved in public-key cryptography and the distribution of digital certificates, from hardware and software to policies and procedures. CAs, being the guys in charge of issuing, revoking, maintaining, and signing SSL certificates, play a significant role in that system.
Trust is paramount to PKI working properly. So much so that if you want your website’s SSL certificate to work properly, it needs to have been issued by a trusted CA. This is referred to as the SSL chain of trust. When, for instance, a client (like a browser) wants to connect to a server (like your website), it will engage in a process known as the SSL handshake in the hopes of creating an encrypted connection to your site. Part of this is the client checking the SSL certificate’s digital signature, which was put there by the issuing CA. Every client contains a list of CAs that it knows to trust, and it checks whether the certificate’s signature traces back to a CA on that list. If the CA isn’t found, then a secure connection will not be established.
This is a problem. What’s the point of an SSL certificate that doesn’t work? What can you do to avoid such a scenario? The answer to that is pretty simple.
Do your research
Don’t just buy an SSL from the first shop you find. Check out the issuing CA and whether or not they are trusted by major browsers and other applications. You can easily find trusted CA lists with a quick Google search. Once you find a reputable, trusted CA to buy from, you’re golden.
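The trust check described above can be reproduced offline with the openssl command line. The script below is an added example, not part of the original article: it creates two throwaway CAs, puts only one of them in a stand-in for the client's CA list, and verifies a certificate issued by each. The CA names, site names, and file paths are constructed for the demonstration.

```bash
#!/usr/bin/env bash
# Constructed demo: two throwaway CAs; only one is put in the client's CA list.
set -u
WORK="$(mktemp -d)"
trap 'rm -rf "$WORK"' EXIT

# make_ca NAME: create a self-signed root CA key and certificate.
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.pem" 2>/dev/null
}

# issue_leaf CA NAME: create a key and CSR for NAME, then have CA sign it.
issue_leaf() {
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$WORK/$2.key" -out "$WORK/$2.csr" 2>/dev/null
  openssl x509 -req -in "$WORK/$2.csr" -days 1 -CAcreateserial \
    -CA "$WORK/$1.pem" -CAkey "$WORK/$1.key" -out "$WORK/$2.pem" 2>/dev/null
}

# issuer_of CERT: print the issuing CA recorded in the certificate.
issuer_of() { openssl x509 -in "$1" -noout -issuer; }

# chain_trusted STORE CERT: succeed only if CERT verifies against a CA in STORE.
chain_trusted() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }

make_ca trusted-ca
make_ca unlisted-ca
issue_leaf trusted-ca site-a.example
issue_leaf unlisted-ca site-b.example
cp "$WORK/trusted-ca.pem" "$WORK/store.pem"   # the client's list holds one CA

for site in site-a.example site-b.example; do
  if chain_trusted "$WORK/store.pem" "$WORK/$site.pem"; then
    echo "$site ($(issuer_of "$WORK/$site.pem")): accepted"
  else
    echo "$site ($(issuer_of "$WORK/$site.pem")): rejected, issuer not in CA list"
  fi
done
```

Both certificates are correctly signed; the only difference is whether the signer appears in the list the client checks against.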