Marketing Lingo/Features
- Domain Validated (DV): A Domain Validated (DV) Certificate verifies your ownership of the domain
- Organization Validated (OV): Proves that you own the domain and that your organization is legitimate.
- The Extended Validated (EV): Offers the highest level of assurance to your customers. EV SSL applicants must pass an extensive vetting process.
- A Unified Communications Certificate (UCC): A SSL that secures multiple domain names as well as multiple host names within a domain name. A UCC SSL lets you secure a primary domain name and up to 99 additional Subject Alternative Names (SANs) with a single SSL. For example you can use a UCC to protect www.domains1.com, www.domains2.net and www.domains3.org.
- Wildcard SSL: A Wildcard SSL protects your primary domain and an unlimited number of its subdomains. For example, a single Wildcard Certificate can secure both www.coolexample.com and blog.coolexample.com.
SSL Vendors Comparison
GoDaddy
* Submitting certificate signing request (CSR)
* Recieving the signed certificates
* Deploying the certificates
- PositiveSSL $10/Yr
- Regular $75/Yr
- Multi UCC/San: $170/Yr
- WildCard: $280/Yr
Commodo
* Submitting certificate signing request (CSR)
* Recieving the signed certificates
* Deploying the certificates
- Regular: $100/Yr
- EV: $249
- Wildcard: $450/Yr
tip: All the Commodo certificates have 2048 bit key length which makes the advertised differences in strength misleading.
AWS
The only caveat is that you need to use the Elastic Load Balancers and/or CloudFront distributions. This will become insiginificant overtime if you are managing a lot of domains and certificates. The average load balancer will cost about $20/month + traffic. Also be wary of Dedicated IP Custom SSL
for cloud front as this can add to $600/month per node: You pay $600 per month for each custom SSL certificate associated with one or more CloudFront distributions using the Dedicated IP version of custom SSL certificate support. This monthly fee is pro-rated by the hour. For example, if you had your custom SSL certificate associated with at least one CloudFront distribution for just 24 hours (i.e. 1 day) in the month of June, your total charge for using the custom SSL certificate feature in June will be (1 day / 30 days) $600 = $20. For other SSL options, please visit the CloudFront Custom SSL detail page.
- Setup: in Certificate Manager, click Request a certificate. You can also add the wildcard domain name on top of the root domain name. This will cover all first-level subdomains and the root domain of your domain.
- Deployment: It automatically gets deployed to cloudFront, etc.
- SSL/TLS certificates provisioned through AWS Certificate Manager are free. You pay only for the AWS resources you create to run your application.
Conclusion
The winner is AWS hands down, because:
- It costs north of $100 annually for each wildcard certificate. You now get it for free.
- No more SSL certificate renewal hassle.
- No more deployment headaches with the certificates.
- Route 53 is automatically protected from DDOS and other common attacks by AWS Shield.