SSL Cert providers such as GoDaddy and RapidSSL claim 99% recognition -- what happens in the 1% non-recognition, and what is recognition, exactly? Should I just self-sign my certificate, instead of buying one? Is there such a thing as 100% recognition?

+2  A: 

Recognition is dependent on the Certificate Authority that issued the certificate and whether the browser recognizes the Certificate Authority.

Trusting the SSL Certificate

Browsers determine whether or not to trust an SSL certificate by checking the source of the certificate issuance. If the SSL certificate is issued by a Certificate Authority that is known and trusted by the browser, the browser extends that trust to the web site secured by the SSL certificate. If the certificate is self-signed or issued by an unknown Certificate Authority, the browser may display an alert or security warning.

Root Certificate Ubiquity

Most browser vendors release their software with pre-installed root certificates from known Certificate Authorities. An SSL certificate's root ubiquity or level of browser recognition (also called browser compatibility) reflects the number of browsers that trust the Certificate Authority. There may be a few older or uncommon browsers missing root certificates. This is why SSL providers do not claim 100% browser compatibility.

http://www.rapidssl.com/learn-ssl/ssl-browser-compatibility/index.html

If you have a self-signed certificate, you'll get 0% recognition since nobody will recognize you as a valid certificate authority. When a certificate is invalid, the user will get a very ugly warning and, depending on the browser, be told not to accept the certificate and they won't see your site.

Sam
+1 Also, you don't want to use self-signed certs for public-facing apps, since certs are supposed to create an inherent trust in the site the user is visiting. If the app is internal with a self-signed cert, you will need to add your cert to every browser cert store or add your internal certificate authority to each browser.
John Virgolino
RapidSSL doesn't list version support on the name-brand browsers they listed (for example, Opera 1.0 support, 2.0 support, etc.?) - is there a way to find out a comprehensive list of browser support for each SSL cert provider?
ina
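
The trust decision described in the answer above can be reproduced offline with the `openssl` CLI. This is an added example, not part of the original thread: `openssl verify` stands in for the browser's issuer check, a single PEM file stands in for a browser's root store, and every certificate name is constructed.

```shell
#!/bin/sh
# Added example; every name below (Example Root CA, *.example.test) is constructed.

# selfsigned CN BASENAME: make a self-signed certificate (key + cert).
selfsigned() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$1" \
        -keyout "$2.key" -out "$2.pem" 2>/dev/null
}

# build_demo DIR: populate DIR with the certificates used below.
build_demo() {
    # Root a browser ships with, and an unrelated root standing in for the
    # store of an older browser that lacks it.
    selfsigned "Example Root CA" "$1/ca" || return 1
    selfsigned "Other Root CA" "$1/other" || return 1
    # Site certificate with no CA behind it.
    selfsigned "selfsigned.example.test" "$1/self" || return 1
    # Site certificate issued (signed) by Example Root CA.
    openssl req -newkey rsa:2048 -nodes -subj "/CN=www.example.test" \
        -keyout "$1/leaf.key" -out "$1/leaf.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$1/leaf.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
        -CAcreateserial -days 30 -out "$1/leaf.pem" 2>/dev/null
}

# recognized STORE CERT: "trusted" if CERT chains to a root in STORE,
# "warning" otherwise (the case where a browser shows its alert).
recognized() {
    if openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; then
        echo trusted
    else
        echo warning
    fi
}

dir=$(mktemp -d) || exit 1
build_demo "$dir" || { echo "openssl failed" >&2; exit 1; }
echo "CA-issued, root in store:         $(recognized "$dir/ca.pem" "$dir/leaf.pem")"
echo "CA-issued, root missing:          $(recognized "$dir/other.pem" "$dir/leaf.pem")"
echo "self-signed, stock store:         $(recognized "$dir/ca.pem" "$dir/self.pem")"
echo "self-signed, cert added to store: $(recognized "$dir/self.pem" "$dir/self.pem")"
rm -rf "$dir"
```

The second line of output is the "1%" case: the same CA-issued certificate, checked against a store that does not contain its root. The last line is the internal-app case from the comment, where the self-signed certificate has been added to the store by hand.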