They claim "Offer 99% browser recognition." And visiting the links does not cause the browser to bark with an unknown root server. Seems to me that spending $15 and seeing if it works as advertised is worth it. Remember, all you are buying is a public/private key signed by a known entity. That is a trivial process to automate. The costs associated with SSL Certs has to do with the "validation" that you are who you say you are. Thawte / VeriSign run a full back group check, GeoTrust an automated phone call check. I don't know what GoDaddy does - but for the most part people are just looking for the "https" locks and that their browser does not throw any SSL cert warnings. Most people don't care much beyond that. -----Original message----- From: Fred Jones fredthejonester at gmail.com Date: Wed, 07 Nov 2007 00:03:10 -0800 To: "thelist at lists.evolt.org" thelist at lists.evolt.org Subject: Re: [thelist] How to pick a Security Certificate > Anthony Baratta wrote: > > I normally buy from GeoTrust because their phone verification system makes it simple to finalize the purchase. Not sure what GoDaddy is doing. > > > > I would recommend the cheapest Cert that can be recognized by the browser without a root certificate update. You don't need more than that, really. > > But how does one know what root certs are recognized? > > GoDaddy seems to use ValiCert: > > https://certificates.godaddy.com/Repository.go > > and the price for Standard SSL is $15: > > https://www.godaddy.com/gdshop/ssl/ssl.asp?isc=sslxgo001a#tabs > > which is a fraction of all the other places I am finding. > > Is there a catch?