Just got some root access hosting on a virtual machine (Debian) on which I'm going to host some domains of mine. I'm looking to secure any email to/from those domains so need to look at SSL/TLS. Has anyone got any advice a trustworthy SSL cert provider that's of a reasonable price.

Thanks Russ

Russ,

If you can live with the upstream certificate chain (there's an intermediate cert), then you probably won't find cheaper than GoDaddy at 30USD a year.

http://www.godaddy.com/

http://blogs.zdnet.com/Ou/?p=608&page=2

If you want a Thawte (same company as Verisign these days), I can put you in touch with somebody who should be able to beat the prices on the Thawte's website.

instantssl and rapidssl are quite cheap.

Godaddy are regarded as the cheapest but by all accounts reinforce the adage of buy cheap, buy twice. However unlike adjustable travel forks there are considerably less moving parts. I'd probably give them a go first. You can always go elsewhere.

The 'guff' that the top tier providers add to justify their extra charges will be of no use to you so you can give Verisign and Thawte a miss. Your main concern is that the software validating the cert trusts the CA that issued the cert. For browsers this is generally not a problem but your SSL connections are to and from non-browser software so you might want to check this out.

Oh and make sure your Debian box has the SSL vulnerability http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0166 patched.

I agree. The big vendors do provide a valuable service but I doubt you're going to need it. You will need the public root/intermediate cert for that vendor is installed in your browser (and all commonly used browsers) and so will anyone else connecting, make sure this is the case before purchasing.

I've used Startcom SSL for email encryption for a few years now and they're FREEEEEE

Cheers all, looks like I need to lots more research on what exact programs I'd like to use before stumping up some cash, but for now I'm just using a self signed cert for my email program.

Try running a 45 or 90 day free trial. Most trials now use the same root and intermediate CAs as the fully purchased ones so it's an easy transition from trial to bought with (hopefully) no hiccups.

Like samuri said, make sure the root certificate is installed (by default!) on your main clients' machines. Thawte / Verisign are a pretty good starting point. If the root certificate isn't preinstalled, you might as well use a self-signed cert for all it's worth.

Also try 123-reg. Cheap certs currently, they start at around a tenner.