Are the different types of SSL certificates a bit of a scam?

"My question is, what makes a $10 certificate better than a $100 certificate?"

Typically the more expensive the certificate the older the certification company is. Since the list of trusted signers ships with the browser, certificates from newer companies may not be trusted by old browsers.

For example, maybe a $10 certificate isn't trusted by IE5.

But that's about it.


I think cartel is the word you are looking for


I asked the same thing of DigiCert the other day: why are a lot of certificates so much cheaper than yours (~$25 vs ~$100 per year)? Here is the answer they gave me (in my words):

The other companies only verify your domain name (that the person getting the certificate owns the domain name) whereas DigiCert (and others) verify the company behind the domain name.

This means they need to check the corporate registry in your country to verify that your company exists and that you are related to company some how. This often also requires a phone call and some other checks. Without this check, all that is required is a computer to verify the whois record with the information entered.

So, in my assessment, if you're going to be using the certificate on a site where the customer is paying for something or entering their personal information, then a more expensive certificate is better. If you're just using the site internally (within the company) then a cheaper certificate is probably all you need.