Get your geek on!

Digicert marketing has produced a cool little video and wallpaper (see video), that illustrate how long it would take to crack a 2048 bit SSL certificate.  The short answer - a long time (1).  Uh, a really, really long time.  Unless? some "genius" IT guy gives their signing keys to someone else - then it would be pretty easy.

And that's the point of the video - attempting to crack an SSL certificate is a bit ridiculous.  We just hope that some super genius hacker doesn't take the video as a challenge. 

(1) It is estimated that standard desktop computing power would take 4,294,967,296 x 1.5 million years to break a 2048-bit SSL certificate. That's a little over 6.4 quadrillion years.


How Long To Crack a 2048 Bit SSL Certificate?

It's a fight.  In yellow corner is the iconic Symantec Norton Verisign SSL certificate.  In the green corner is the aggressive, price-cutting, market-share stealing GoDaddy.

So who wins?  What certificate authority is the best one to buy your SSL certificate from?

Well, the comparison is a bit like comparing a Honda Accord to a Mercedes.  Both do what they're supposed to do, and get you to where you want to go. However, the Mercedes is a lot more prestigious and may even help with your personal brand.  The Honda is reliable and a lot more affordable.

Obviously in this analogy Symantec Norton Verisign = Mercedes and Go Daddy =  Honda.

There's really not a wrong choice here.  It just depends on what your main SSL purpose is.

If gaining visitor trust is paramount, and you have deep pockets, then choose Symantec Norton.  The Symantec Norton Trust Seal is the most recognized and trusted SSL (Read - Verisign SSL Certificate Review).

On the flip side, if money matters, buy a GoDaddy SSL.  A Go Daddy SSL cert is roughly 1/3 the price of an the Verisign version.  That's a big discount (Read GoDaddy SSL Certificate Review).

There's other factors, but I think they are mainly noise.

Verisign and other competitor SSL certificate providers hint that GoDaddy's SSL technology is not optimal, and Verisign's SSL technology is better.  Basically most of the top SSL certificate providers are using the same technology, offering similar certificates. So we don't think there's a lot to this claim.

However, there is a couple small technology differences.

Symantec/Verisign SSLs have Server Gated Cryptography certificates, which allow websites to increase encryption levels for really old browsers like IE4 for example. So GoDaddy's certs may not be optimal for IE4.  Big deal, there's a lot of pressure on computer users to upgrade to a newer browser version because some of the newer web doesn't work on the ancient browsers.  Plus, IE4 users are a tiny fraction of the internet.

GoDaddy offers UCC SSL certificates.  Unified Communications Certificates (UCC) are SSL Certificates that secure multiple domains and multiple hostnames within a domain. They allow you to secure a primary domain, and up to 99 additional Subject Alternative Names, in a single certificate. If you're planning to use your SSL with Microsoft® Exchange Server 2007, Exchange Server 2010, and Microsoft Live Communications Server, a UCC SSL from GoDaddy is a great way to go as you'll save a lot of money and hassle.

So, in the end, you must decide what SSL is the best way to go for your website.  Click on the links below to learn more about each certificate authorities offering, which may also help in your decision:

- Learn more: Verisign SSL Certificates.

- Learn more: GoDaddy SSL Certificates.

Save 50% Now on Go Daddy SSL Certificates! Only $1



Looking for a low cost EV SSL Certificate?  Read Go daddy EV SSL Certificate review. Compare Verisign SSLs vs GoDaddy SSL Certificates Which Certificate is Best?

What percent of website SSL Certificates are valid extended validation SSL certificate?

If you guessed more than 3%, you're wrong.  

EV SSLs, only make up 2.3% of all valid SSL certs in use today.  This fact comes from Netcraft, who also released additional information like the number of extended validation certificates in use today (38,966).

So why aren't EV SSL certificates utilized by more websites?

Well, most websites use domain validated SSLs because they are a lot more affordable (check-out GoDaddy EV SSL Certificates). Domain validation checks can be performed systematically using Whois information, which lowers the cost.  Whereas EV validation includes business validation, which a human must do and often times isn't straight-forward. 

In addition, technical considerations also come into play, "EV certificates cannot always be automated to the same degree as for domain validated certificates," according to Netcraft.

EV SSLs, which are just over 4 years old, are used by high-traffic or financial websites to ensure secure transactions. The green indicator in the browser's address bar indicates an EV certificate and can't be replicated by a fraudster, according to Netcraft.


ssl certificate share by validation type 2011
EV SSL Certificate Share by Validation Type 2011


Google has recently done a lot of work with their services to make them more secure with HTTPS (Google SSL Certificates).

A Google engineer, Adam Langley, wrote a couple of blog posts on his personal blog about SSL certificates.  Specifically in regards to the old claim that CPU is a bottleneck with SSL, and website speed.

Key quote from Adam's posts: "On our production frontend machines, SSL/TLS accounts for less than 1% of the CPU load, less than 10KB of memory per connection and less than 2% of network overhead. Many people believe that SSL takes a lot of CPU time and we hope the above numbers (public for the first time) will help to dispel that.

So, if you're considering an SSL certificate for your website, don't let CPU concerns stop you from making your website more secure. Check out the SSL certificate providers, and get the appropriate SSL cert for your site.



Do SSL Certificates Take a Lot of CPU Time?  Is the old claim that CPU is a bottleneck with SSL, and website speed still valid? Find out now ...

What Domains to Associate With UCC SSL Certificate?

We've compiled some tips and information for using a GoDaddy UCC SSL certificate with Microsoft Exchange.  Up to bat first, domain determination.  Ensure the external domains you want to secure have up to date WHOIS contact information and DNS entries.

First figure out what domains and subdomains will be associated with the UCC SSL certificate.  Most likely it will be something like:

  • mail.yourbusinessname.tld (smtp,imap,pop)
  • webmail.yourbusinessname.tld (if your OWA address is different from the one above)
  • autodiscover.yourbusinessname.tld (helps reduce headache)
  • exchsrv (internal hostname)
  • exchsrv.internal.local (internal dns domain)
Once all the domains and subdomains have been figured out, buy the certificate from GoDaddy.

Create and Install the UCC SSL Certificate

The process to create the certificate can now be done.  Lets begin on the Exchange side - so use these commands are performed from the Exchange PowerShell.  Use the primary domain as the first one.  

[PS] New-ExchangeCertificate -DomainName mail.domain.tld, autodiscover.domain.tld, webmail.domain.tld, exchsrv, exchsrv.domain.local -FriendlyName ExchangeCert -GenerateRequest:$True -Keysize 2048 -path c:request.req -privatekeyExportable:$true -subjectName "c=us, o=Company, CN=domain.tld" 

Open the certificate in notepad and paste that into the certificate request window in GoDaddy's certificate wizard when requested.  GoDaddy will process it and ask to verify the domain.  Verification may take up to 24 hours, but sometimes you can get lucky and be verified in an hour or less. Once all the domains are verified, download the certificate for Exchange 2007, and save it to the Exchange Server.

Now import the certificate and enable the services that should use it.

[PS] C:Documents and SettingsAdministratorDesktop>Import-ExchangeCertificate -Path "C:domain.tld.crt" | Enable-ExchangeCertificate -Services IMAP,POP,IIS,SMTP 

Then export the certificate to PFX formation using the Certificates MMC snap-in.  After the export, enable the services again by the thumprint.  You may need to look at the details of the certificate to get the thumbprint to get IIS to see the new certificate.  It make ask if you want to overwrite a previous certificate.

[PS] Get-ExchangeCertificate -Thumbprint "somethumbprintstring" | Enable-ExchangeCertificate -Services SMTP,IIS,POP,IMAP

Now, double check that you can visit the webmail site.  Also verify the SSL certificate is the one the was just imported.  

Add (or Remove) SANs Once UCC SSL Certificate Has Been Issued

After your UCC SSL Certificate has been issued, you can use this information to add/remove SANs:

• Log into your GoDaddy account.
• Select ‘Manage SSL Certificates’ from the ‘My Account’ menu
• Click on the ‘Manage Certificate’ link to the right of the domain name. You will be taken directly into the SSL Management Account. All certificates associated with that shopper ID will be displayed from all older SSL account management accounts.
• Click on the current certificate
• Click on the  Manage button
• You will see a box for a CSR and a Continue button. Leave the box blank and press the Continue button
• The page that loads will have available spaces for you to add or remove your SANs as your needs require.
• When you have completed your changes, click the “Continue” button.

Once you press continue godaddy will verify control of each domain that is added to your certificate, then issue a new certificate.

Once a new certificate is issued the original certificate will no longer be valid, meaning you must replace the original certificate on the original hosting server.

If you will be installing the UCC onto any other server, it will be necessary to export the original private key from the original server and import it into any other server you plan to secure with your UCC. You will then be able to install the UCC onto that server.

After a Multiple Domain Certificate, SSL certificate has been issued you may add or remove subordinate common names from the certificate as need be.

Multiple Server UCC SSL Certificate Install

If you are installing your UCC on multiple servers, export the private key from the original server and import it on the additional servers you want to secure. Then, install the UCC on the new servers.



Buy and Install GoDaddy Unified Communications Certificate UCC for Exchange|  Tips and help to buy GoDaddy UCC SSL certificate and install it for Exchange ...