The truth about two of the more popular SSL certificates
There are a lot of people that don’t know enough about SSL certificates to spot the difference between a good value and a cynical attempt to cash in on your ignorance of the product. That’s why we’ve written this guide: to help you figure out what SSL certificate is the best fit for your website.
Let’s start with a brief rundown of SSL and what SSL certificates do, and then we’ll discuss the differences between Positive SSL and Essential SSL.
SSL and SSL Certificates: A Briefer
SSL stands for Secure Socket Layers, though as the protocol evolved it became Transport Layer Security. SSL/TLS is a protocol used for encrypting connections between websites and their visitors. Without SSL/TLS, any information exchanged between the two would be in plain text, easily readable by eavesdrop and easily manipulated by a Man-in-the-Middle attack.
So, to combat this websites must have an SSL certificate installed. An SSL certificate is really just a piece of software that binds a public/private key pair to a server. The certificate contains information about the server and possibly the organization and is signed by a trusted certificate authority. When a visitor reaches a website their browser downloads the SSL certificate and verifies that it’s valid and authentic. If it is, the browser will form a secure connection with the site. This is done by migrating the website to HTTPS and redirecting all of its HTTP pages to their HTTPS counterparts.
The SSL certificate handles two things: it facilitates encryption by providing a list of compatible cipher suites that can be used for the connection. Cipher suites are just the group of algorithms used during the connection. It also provides authentication. The certificate authority issuing the certificate puts the organization through some level of validation before signing the certificate. This trusted signature ensures that the certificate itself will be trusted.
There are three different levels of validation:
- Domain Validation: Server Authentication only
- Organization Validation: Server Authentication; Light Business Vetting
- Extended Validation: Server Authentication; Full Business Vetting
The encryption facilitated by SSL certificates doesn’t change—that’s owing to the fact the actual encryption strength is determined by the client and server. The most expensive SSL certificate and the absolute cheapest will both provide your website with the exact same encryption capacity. The only difference is validation and peripheral features.
Now let’s talk about Positive SSL vs. Essential SSL
Positive SSL is a fantastic value, arguably Comodo’s best. It’s a very affordable Domain Validated SSL certificate, it comes with the Comodo site seal, a $10,000 warranty and unlimited server licenses, which are all fairly standard. Originally, Positive SL was intended to be its own brand, a deeply discounted line of SSL certificates without Comodo branding. Somewhere over the past year and a half, that plan was abandoned and Positive SSL just started using regular Comodo branding.
That, in turn, makes it difficult to suggest Essential SSL. We don’t have a dog in this fight, we sell multiple CAs in the interest of providing you the best value. That’s why we want to be honest with you that these are the same certificate – same validation level, same site seals and branding, the same warranty – with just one difference: the price.
The Essential SSL is several times more expensive, which would make sense of Positive SSL was off-brand. Except it’s not. So do with that information what you will.
Differece between PositiveSSL & EssentialSSL