Wildcard SSL - Which to choose and what are the key differences?


I have been confused for quite some time about which CA I should approach to obtain an SSL certificate. Many comparisons have been made between different CAs, but I do not see what the key differences are that set them apart, except the price they offer. Of course, typical buyers would just go to the cheapest they can find, but I, on the other hand, would like to know what they are actually offering. Given the price difference, I am very sure there will be something distinctive between them.

Now back to my question: I want to purchase a wildcard SSL certificate for my website because I have several running subdomains, and of course I do not want to purchase an EV for each of the sites since I am not running a super huge company yet. I am comparing 3 different CAs which offer wildcard SSL, namely:

DigiCert Wildcard Plus - USD595/year

Comodo Wildcard SSL - USD405/year

Comodo PremiumSSL Wildcard from namecheap.com - USD169/year

GoDaddy Deluxe Wildcard SSL - USD399/year

Note that I intend to purchase for 1 year at the moment, since the website is still in the pilot stage. To my understanding, the only key difference I can see between these 3 is the insurance coverage. Apart from the major price difference, what else sets them apart from each other? Which one would you suggest I get, or is there any other reliable CA that you could recommend?

In addition, I would also like to mention that I am making this purchase with budget constraints, preferably something that is less than USD600 per year.

1

There is 1 answer

3
Parker On BEST ANSWER

The main things to consider when purchasing a wildcard certificate are:

  • If you want the certificate to support the domain itself (e.g., domain.com) in addition to subdomains (*.domain.com), then make sure that the wildcard vendor you choose supports the Subject Alternative Name extension.
  • Before you buy, make sure you know who you are buying from. The link you supplied is a reseller of Comodo certificates (not Comodo itself), which is why it is less expensive than the others. If you look, you will find several other vendors that sell inexpensive Comodo wildcard certificates. Most of the resellers are probably OK - just make sure that their root certificates are trusted with all of the major clients you want to support.
  • If you intend to use the wildcard certificate for shopping, you may want to get a certificate with Extended Validation (EV). Some certificate vendors may not offer this.
  • An SSL certificate may have multiple chains to different root certificates. If you intend to support older web clients (i.e., IE6, IE8, Java 6, 7, Android 2.3) then you want a certificate with a path to a SHA1 signature in addition to a path to a SHA2 signature.
  • Some vendors may provide 4096 bit certificates, others may provide 2048 bit certificates. A few years ago, the transition from 1024 bit to 2048 bit occurred at different times for different vendors.
  • Test first with a self-signed wildcard certificate, so that you know exactly what your minimum requirements are. You will need to create your own private key and CSR anyway, so self-signing is a good way to test before you buy.

If you are trying to keep costs low, then start with the lowest-cost certificate you can find. Most vendors will give you a 30-day trial certificate. Use that time to refine your web server configuration and test client compatibility. One of my sites uses a PremiumSSL Wildcard from Comodo and another is using a reseller's wildcard certificate, and when set up properly there is no noticeable difference.
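The self-signed test suggested in the answer, combined with its Subject Alternative Name point, as an added example that is not part of the original answer: it creates a private key, a CSR and a 30-day self-signed wildcard certificate, then asks OpenSSL which hostnames the certificate covers. `example.com`, the file names and the function names `make_test_cert` and `host_matches` are placeholders chosen for this example; `-addext` needs OpenSSL 1.1.1 or later.

```bash
#!/usr/bin/env bash
# Added example: self-signed wildcard test certificate with apex + wildcard SAN.
# example.com and all file/function names are placeholders, not from the page.
set -eu

# make_test_cert DIR DOMAIN: write wildcard.key, wildcard.csr, wildcard.crt to DIR.
make_test_cert() {
    dir=$1
    domain=$2
    san="subjectAltName=DNS:${domain},DNS:*.${domain}"
    # Private key: generated locally with owner-only permissions, never sent to a CA.
    (umask 077 && openssl genrsa -out "$dir/wildcard.key" 2048 2>/dev/null)
    # CSR: the file you would later submit to the certificate vendor.
    openssl req -new -key "$dir/wildcard.key" -subj "/CN=*.${domain}" \
        -addext "$san" -out "$dir/wildcard.csr"
    # Self-signed certificate carrying the same names, for compatibility testing.
    openssl req -new -x509 -key "$dir/wildcard.key" -subj "/CN=*.${domain}" \
        -addext "$san" -days 30 -out "$dir/wildcard.crt"
}

# host_matches CERT HOST: succeed only if OpenSSL's hostname check accepts HOST.
host_matches() {
    openssl x509 -in "$1" -noout -checkhost "$2" | grep -q "does match"
}

workdir=$(mktemp -d)
trap 'rm -rf "$workdir"' EXIT
make_test_cert "$workdir" example.com

# The apex is covered only through its own SAN entry; the wildcard spans
# exactly one label, so a.b.example.com is not covered.
for host in example.com www.example.com a.b.example.com; do
    if host_matches "$workdir/wildcard.crt" "$host"; then
        echo "covered:     $host"
    else
        echo "NOT covered: $host"
    fi
done
```

Dropping the `DNS:${domain}` entry from `san` and rerunning shows the apex domain falling out of coverage, which is the behaviour to check for in a vendor's issued certificate.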