From the server administrators of highly technological organizations, to product managers of financial institutions, down to the one man startup companies that just want to secure their shopping cart, at one stage or another, the same question pops-up: “They all do the same thing, what should we get?”
Fundamentally all SSL certificates do the same thing, encrypt information during SSL/TLS negotiations. Correctly installed and configured, both https:// and the padlock will show.
However picture this:
You want to buy smart phone online. You see three sellers offering the phone at different prices:
US$250 – Zero star rating – no comments
US$375 – Three star rating – with 50% of comments such as “it arrived late”, “It was scratched” and other 50% of the comments, “ok service” and “arrived on time”.
US$400 – Five star rating – with only good comments: “excellent service” and “fast and reliable”.
Which seller will be most likely to deliver the goods to you on time? The one offering $400?
Why? The comments from previous buyers formed a conscious or sub-conscious decision in your mind. The decision is based on “Trust”. They have been authenticated by real people.
Anyone that purchased from the first two sellers most likely would base their decision on both price and luck (“Maybe I would not be unlucky”).
Here’s another scenario: A hooded man walks out from a dark alley and offer you a brand new IPhone 6, still in its box for US $50.
Do you feel lucky today?