SSL 247 are authorised strategic resellers of Verisign,GlobalSign, Geotrust and RapidSSL products

What is a Certification Authority (CA)?
Not just anybody can issue trusted SSL Certificates. If they could then there would be no trust in SSL - and it could no longer be used commercially. Instead only Certification Authorities, or CAs as they are commonly known, can issue trusted SSL Certificates.

CAs have generally invested in establishing the technology, support, legal and commercial infrastructures associated with providing SSL certificates. Even though CAs are essentially self-regulated, the nearest to a regulatory body is the WebTrust compliancy program operated by AICPA/CICA. The majority of CAs comply to the WebTrust principles, however some CAs do not have WebTrust compliance. Those CAs who are WebTrust compliant display the WebTrust Seal, as seen below.

The WebTrust Seal of assurance for Certification Authorities symbolizes to potential relying parties [e.g. to the end customer] that a qualified practitioner has evaluated the CA's business practices and controls to determine whether they are in conformity with the AICPA/CICA WebTrust for Certification Authorities Principles and Criteria. An unqualified opinion from the practitioner indicates that such principles are being followed in conformity with the WebTrust for Certification Authorities Criteria. These principles and criteria reflect fundamental standards for the establishment and on-going operation of a Certification Authority organization or function.

Who are the CAs and why are there so many providers of SSL?
There are actually fewer than 10 CAs issuing commercially available SSL certificates. The Appendix contains the full list of CAs. Until recently the SSL market has been monopolized by Verisign and Thawte. In 1999 Verisign acquired Thawte, and it became a Verisign subsidiary. In recent years, new global players providing enterprise class solutions such as GeoTrust (formerly Equifax Certificate Services) have also established themselves in the enterprise security market. In the last few months, other companies providing solutions for small to medium sized businesses have also started providing SSL certificates.

There is however confusion in the market because all CAs have resellers like ssl247.co.uk. Resellers like us are organizations that will resell the CA's SSL certificates, often at different prices to the SSL CA themselves. Resellers are a great way to sometimes save money through discounted pricing, but are also an easy way to be overcharged for SSL! Rest assured, we charge LESS that our suppliers (the CA's) - saving you £££ over their own prices.

Be aware that some resellers will "re-brand" the CA's certificate, thereby masking who actually issues the certificate and then offer their own re-branded certificates at inflated prices above the SRP of the CA themselves.

Don't be fooled by unknown brands - if an SSL Certificate is being sold under an unknown brand, the buyer should examine one of the reseller's example certificates before purchase. It is very likely that the certificate has been issued by a CA featured in this white paper and will probably be available directly from the CA at a different cost, maybe even lower than the reseller offers it. ssl247.co.uk only sell highly-reputable RapidSSL and Geotrust, Inc certificates.

Resellers provide exactly the same certificate and features provided by the CA themselves, so it is essential for buyers to know which CA that will issue the SSL certificate before purchasing through a reseller!

Who are the top 2 CAs?
Each month SecuritySpace (www.securityspace.com) publishes the market share of each CA. Figures are obtained by examining a sample of over 100,000 domain names actively using SSL certificates.

The following chart summarizes the market share of the top 2 enterprise players in the .net market, namely Verisign and GeoTrust. The chart also shows the market share of Thawte (Thawte is a Verisign company).

August 2003 Figures:

Geotrust, Inc also own the supply of our RapidSSL certificates, so you can be happy in the knowledge that all ssl247.co.uk certificates come from a top CA.

Continues on page 3