SSL Cert Prices & Notes

John Gilmore gnu at
Mon Aug 7 20:12:45 EDT 2006

Date: Sun, 6 Aug 2006 23:37:30 -0700 (PDT)
From: clif at
Subject: SSL Cert Notes

Howdy Hackers,

Here is the latest quick update on SSL Certs. It's interesting that 
generally prices have risen. Though ev1servers are still the best commercial 
deal out there.

The good news is that CAcert seems to be positioned for prime time debut, 
and you can't beat *Free*. :-)

SSL Certificate Authorities   Verification        Subdomains Too
                              Low       High      Low       High
Verisign                      $399      $995
Geotrust                      $189      $349      $599      $1499
Thawte                        $149      $199      $799      $1349
Comodo / instantssl           $49       $62.50    $449.95             $17.99    $74.95    $179.99   $269.99             $69       $99       $199      $349
ev1servers                    $14.95    $49
CAcert                        Free      Free      Free      Free


Inclusion Status:

Latest news

Thanks for your concerns - getting the CAcert root cert included into 
Mozilla is indeed probably our largest challenge right now, but one we are 
actively engaged in.

Philipp is working on a CPS; see PolicyDrafts

To see where we are with Mozilla, see: [Summary: Mozilla has 
established a fair and firm policy which CAcert should be able to meet. 
Then they threw the ball back to CAcert.]

Background of the story

We found when we first started down this road that the typical way a 
vendor got included into a major browser's root store was simply by paying 
whatever fees were demanded. In Microsoft's case with Internet Explorer, 
they don't care really who's included or who is not, but insist only that 
you pass a Webtrust audit and if so, you're eligible for inclusion. Our 
problem is that the audit costs in the neighborhood of $75,000 with a 
yearly +$10,000 fee. For CAcert, as a non-profit organisation that is 
simply out of the question (at least in the foreseeable future).

The folks at Mozilla have a rather different strategy currently. They are 
willing to include our cert providing we conform to reasonable guidelines 
that everyone agrees to. And there's the rub - getting all involved to 
decide which guidelines are and are not necessary and how best to conform 
to them.

This is an ongoing process and we are documenting our Certificate Policy 
Statement (CPS) at: (not always up-to-date) 
see CPS

(Many thanks to Christian Barmala's work on this 
and for everyone who has helped us with shaping these policies!)


