Are SSL Certificates and Code Signing Certificates Same?  

The answer is NO. However, there are some similarities between an SSL certificate and a Code signing certificate.  

• Both a Code signing certificate and an SSL certificate are X.509 digital certificates that are used for cybersecurity.  

• They both use Public Key Infrastructure (PKI). 
• Users see a security warning in the absence of a Code signing certificate and an SSL certificate. 
• With both certificates, the certificate authority validates the applicant’s credential before the issuance. 
• The main purpose of both of these certificates is to save end users from becoming victims of cybercrimes.  

Now, the similarities end here!  

Code Signing Certificate vs. SSL Certificate 

These are the key difference between a Code signing certificate and an SSL certificate. 

Usage:  

An SSL certificate is used for websites. It secures the data transition between a users’ browser and a website’s server. An SSL certificate is installed by the website owner/webmaster. 

A Code signing certificate is used to protect downloadable software, device drivers, applications, executables, and scripts. A Code signing certificate is purchased and used by software developers/publishers. 

If you are in the business of developing downloadable software and own a website for your software, you need both, a Code signing certificate and an SSL certificate.  

Working Style:  

SSL certificates enable a secure connection between a browser and server to facilitate encrypted data transfer. In simple words, the data website visitors send on your website (names, emails addresses, passwords, bank details, credit card numbers, CVV, etc.), gets encrypted using strong 256-bit symmetric encryption and a 2048-bit RSA signature key when you install an SSL certificate on your website. So, any man-in-the-middle (read hacker) can’t read, interpret, or misuse your clients’ data.  

Code signing certificates don’t encrypt the software itself: instead, they hash the entire software. Hashing is like putting a digital signature on the whole code. If someone in the middle changes the code, the hashing value changes, indicating to the user that the software is different from the original one; so it might be unsafe to download. This is how a user who is trying to download the software can save themselves from getting malicious software and becoming the victim of a cybercrime.

Additionally, the software developer can be alerted about tampering in the software before it’s too late. So they can discontinue the infected software and publish a new file to control the damage at the earliest stage. In any case, software can’t be tampered with and not be detected. 

Identity Verification: 

In both cases (an SSL certificate or Code signing certificate) the certificate authority (CA) verifies the identity of the applicant before issuing the certificate.  

With an SSL certificate, the CA makes sure that you own the domain for which you have applied for an SSL certificate. To verify this, the CA sends an email to a particular email id like admin@yourdomain.com, or webmaster@yourdomain.com with a verification link. Or asks you to place a verification file on a specific location of your server. If you have chosen an organization validated (OV) or Extended validated (EV) SSL certificate, you also need to provide your business registration number or ID, registration date and full legal business name, physical address, phone number, etc. to the CA. They will verify your legal business registration in an online government database and third-party online listing. In some cases, you may need to provide a legal opinion letter that is filled out and signed by an active lawyer or accountant.  

For Code signing certificates, the CA will verify your business’s registration details, address, and telephone number. For individual developers, the CA requires you to present a notarized form that validates your government-issued photo identification and complete a phone call verification.  

Identity Attachment: 

SSL certificate: Once the CA verifies the applicant’s identity, it ties the certificate’s public/private keys to the website URL, enables HTTPS (in place of HTTP) and displays a padlock sign in the address bar. When you click on the padlock sign and go to ‘certificate,’ you can see the website’s name for which the SSL has been issued, name of the issuing authority, issuance and expiry dates. With an EV SSL certificate, the company’s legal name is also shown in the address bar along with the padlock sign. This identity attachment assures your website visitors that you are the same company as you claim to be.

Code signing certificate:  After the entire vetting process, Code signing certificates allow you to put a unique, verified digital signature on the piece of software or code you have developed. It gives a chance for buyers to check the original publisher.  

When your buyers can see the verified publishers’ name on the software they are downloading, instead of ‘unknown’ publisher, it gives them confidence that the product they are downloading is safe and comes from the intended publisher. 

Cost Of SSL & Code Signing Certificates

A basic domain validated (DV) SSL certificate starts from $10/year, while single domain organization validated (OV) SSL starts from $48/year and extended validated (EV) SSL $88/year.
A wildcard SSL to secure unlimited subdomains starts from $85/year. While multidomain SSL for securing multiple domain names under a single certificate starts from $29/year. 

The basic OV Code signing certificate starts from $80/year, and the Extended Validated (EV) Code signing certificate starts from $300/year.  

Warranty

Any paid SSL certificate comes up with a warranty. In an unlikely event of encryption failure, the CA will reimburse the damages up to the warranty amount to the victim. So, it works like liability insurance. The warranty ranges from $10,000 to $1,750,000, depending on the type of SSL certificate you are getting. Do consider the warranty amount while choosing the right SSL certificate for your business. 

Code signing certificates don’t offer a warranty. 

Expiration  

When an SSL certificate expires, if it is not renewed the users start getting the same security warning as they see for the website without an SSL certificate. As soon as the SSL certificate gets expires, the padlock sign, HTTPS and the organization’s name (for EV SSL) gets disappeared, and users see a “not secure” sign on the address bar. Plus, they will see a security warning page as below every time users try to open your website. 

When a Code signing certificate expires the users will may see a security warning. However, the verified publisher’s name will be still there if the publisher has utilized timestamping. The timestamp is a digital signature which you can add to your software by using your unique private key. This digital signature will stay good forever, even after the Code signing certificates expires. A timestamp shows that the software was signed by the original publisher while the certificate was valid, so the publisher of the software is the same as it was at the time when the software was published. 

The Extra Benefit of EV Validation 

SSL certificate: When you get an Extended Validated (EV) SSL certificate, your organization’s legal registered name is displayed in the address bar before your domain name. It provides the highest level of trust to your users. Plus, you will also get a dynamic site seal. It’s a small clickable image posted on each encrypted webpage. When users click on the seal, they can see real-time details of the SSL certificate, issuer, physical address, expiry date, etc.  A timestamp is a visual indicator of trust.  

EV Code signing certificate

You will receive an external hardware USB device that contains the private key. Now, the private key is secured in both ways-physically and digitally. This provides two-factor authentication. Only those who have the physical device can sign code with your EV Code signing certificate. It provides robust authentication and enhanced security. Plus, Microsoft SmartScreen trusts EV Code signing certificates. Microsoft SmartScreen considers reputation scores, and for new developers, it can be difficult to gain enough reputation to avoid their software getting flagged as potentially suspicious. So, for new developers, an EV Code signing certificate is the only way to prove their trustworthiness to users. 

Code Signing Certificate Vs SSL Certificate: Differences Explained 

If you’re seeing a “SEC_ERROR_EXPIRED_CERTIFICATE” error while browsing any website, you’re not alone! This is a common error that’s associated with a website’s Secure Socket Layer (SSL) certificate. Website owners install an SSL certificate to secure the data that transfers between a website visitor’s browser and website’s server. SSL certificates are issued for a maximum of two years, and they must be renewed before or at the time of its expiry date. If the SSL certificate is not renewed, all web browsers will display the SEC_ERROR_EXPIRED_CERTIFICATE error for that site.

A pending SSL renewal is quite a common problem for all types of organizations. More than 80 .gov websites’ SSL/TLS Certificates expired during the most recent US government shutdown. In May 2019, LinkedIn missed renewing its SSL certificate! When such negligence takes place, the website visitors see the “SEC_ERROR_EXPIRED_CERTIFICATE” error message.

Even when an SSL certificate is renewed by the website owner, browsers may keep showing this error to site visitors if there are issues with the users’ browsers or operating systems. So, it is necessary to check whether the SSL certificate is actually expired or not before finding the solution.

Fix the “SEC_ERROR_EXPIRED_CERTIFICATE” Error in Firefox

If your browser is displaying a page with the title “Warning: Potential Security Risk Ahead,” try the following:.

1. In that window, click on the Advanced button.
2. Press View Certificate.
3. A new window will pop up. Here, check the rows Begins on and Expires on under Period of Validity and confirm whether the certificate has expired.

If the SSL Certificate is Expired,

If you’re a website owner, you need to renew the SSL certificate as soon as possible. However, there are some things you should know before you renew the SSL certificate:

• Some certificate authorities (CAs) charge more to renew an SSL certificate than they do to buy a new one. If that is the case, you can shift to any other certificate authority anytime. It’s not necessary to buy the same SSL from the same certificate authority at the time of renewal.
• Right now, Sectigo (formerly Comodo CA) offers SSL certificates at the lowest rates — and they never exploit their loyal customers by charging higher renewal rates. On the contrary, Sectigo provides coupon codes for generous discounts when SSL certificates require renewal.

As a website visitor, you can’t do anything to renew the SSL certificate. However, you can take some steps to disable/ignore the SSL-related error on your browser so you can browse the site. Check out our website visitor’s guide to fixing the “SEC_ERROR_EXPIRED_CERTIFICATE” error in Mozilla Firefox. Note: You should do that only when you’re 100% sure that the website you are trying to visit is secure.

 If the Certificate Has Not Yet Expired

If the site’s SSL certificate hasn’t expired but the site is still displaying the error message, it’s a sure indication that the issue is with the user’s browser or operating system. Please follow our step-by-step guide to Fix the security warning error in Mozilla Firefox.

How to Fix the “SEC_ERROR_EXPIRED_CERTIFICATE” error in Google Chrome

In Chrome, you can check the cause of the “SEC_ERROR_EXPIRED_CERTIFICATE” error in a slightly different way. Currently, you must be seeing the following error page:

• Click on the Not Secure symbol in the address bar.
• Click on Certificate.
• Under the General tab, you can check issuance and expiry date of the SSL certificate.

If the SSL Certificate is Expired

As a website owner, you need to renew the SSL certificate as soon as possible. Do thorough market research before renewing because sometimes the price difference is mind-blowing — in some cases, it may cost you more to renew than to buy a new SSL certificate outright! Check out Sectigo’s (formerly Comodo CA’s) latest discounted prices.

As a website visitor, you can follow some tricks to get rid of this error message. Check out our guide on how to fix the “Your Connection is not private” error in Google Chrome.

If the SSL Certificate is Not Yet Expired

If the certificate is still valid and is not yet expired, it proves that the problem is NOT with the website’s SSL certificate – hence, the website owner doesn’t need to do anything about it. As a website visitor, there are some issues to be tackled on your browser/operating system to fix this error. Check out our step-by-step guide: How to fix ‘Your Connection is not private’ error in Google Chrome.

If you’re seeing a “Secure Connection Failed’ page with the error message “SEC_ERROR_REVOKED_CERTIFICATE” while visiting a website, use the following steps to get rid of the error page and access the website.

Why Firefox Shows the “SEC_ERROR_REVOKED_CERTIFICATE” Error

Simply put, this is an SSL certificate related error. The website owner installs a digital certificate called security socket layer (SSL) certificate to protect their website visitors’ data. Every SSL certificate facilitates a secure connection through the use of a public and private key share. When this SSL certificate gets revoked for any reason, which invalidates the certificate, the browser doesn’t consider it secure and shows the “SEC_ERROR_REVOKED_CERTIFICATE” error page.

In most cases, when the private key becomes compromised, the certificate authority (CA) who issues the certificate revokes the SSL certificate. The private key, which is used to decrypt the encrypted data that users transfer over a website, must remain secure on the server for it to be effective. Anyone that holds a private key can decrypt the data. That’s why, if the private key is leaked, the data encrypted by an SSL certificate is no longer considered secure.

Another reason why you may receive this warning message is due to an SSL certificate mis-issuance by the CA. For example, in March 2019, millions of SSL certificates were revoked by Apple, Google, and GoDaddy because of non-compliant SSL serial numbers that were generated as the result of an operational error. The certificates had 63-bit serial numbers instead of 64-bit serial numbers.

There are several reasons why a website owner can request for a CA to revoke their SSL certificate:

• They’ve lost the private key,
• They changed the certificate’s common name,
• The secured site is no longer operational, or
• They have requested the certificate for the wrong domain name by mistake.

How to Fix “Secure Connection Failed” Error in Mozilla Firefox?

If you’re a website owner, all you can do is ask your certificate authority to reissue a new SSL certificate. Some CAs charge additional re-issuance fees. If the reissuance fee is higher than the cost of purchasing a new certificate, you can change CAs anytime and get a new SSL from a different certificate authority.

Reissuance is free if you buy Sectigo (formerly Comodo CA) SSL certificate. Comodo CA has been a well-trusted cybersecurity brand for more than two decades and sells the most budget-friendly digital certificates. The basic Comodo DV SSL starts from $10/year and comes with a $50,000 warranty.

If you’re a website visitor, you can compel your browsers to ignore the error and visit the website on your own risk by following these steps.

You won’t necessarily need to implement all of these steps. Keep applying them one by one until the error message is eliminated. 

1. Permit Firefox to Trust Root Authorities

Firefox has an optional feature that allows the browser to trust root authorities in the Windows certificate store. To activate this feature, you must enable the setting in your browser.

• Type “about: config” into the Firefox address bar.
• Press the I accept the risk! button.
• Search for security.enterprise_roots.enabled.

• If the value is false, double-click on it to change it to True.
• Restart Firefox.
• If you still receive the error message, move to the next solution.

2. Clear Browsing History and Cache Memory

If the certificate authority has already re-issued a new certificate in place of the revoked SSL, you may still see the error message. This is because the browser’s cache memory is displaying old information. Clearing your browsing history, cookies, and cache memory might solve the issue.

• Open Firefox and navigate to Options in the top-right drop-down menu.
• Go to Privacy and Security from the menu bar on the left side.
• Click on Clear Data in the Cookies and Site Data section.
• Select Clear History.
• Select all the options and click on Clear Now.

3.Temporarily Disable Your Antivirus and Firewall

Some antivirus and firewall solutions are sensitive to SSL errors. To fix this issue, all you need to do is turn off HTTPS scanning. All the antiviruses have different SSL scanning under different names. Find the appropriate setting such as “HTTPS Scanning,” “Scan SSL,” “show the safe result”, “Do not scan encrypted connections,” etc.,and disable it.

If you don’t see any such options, visit their manufacturer’s help section and try to find information about SSL- and HTTPS-related settings there.

4. Clear the SSL State

If this error is occurring on a website you visit regularly, it’s possible that your browser may have stored a saved version of the site’s SSL certificate. This process can be problematic when you return to the site if the SSL certificate is no longer trusted. This next step will enable you to clear your SSL cache, which may help remedy this issue:

• In your system’s control panel, under Network and Internet, selects Internet Options.

• In the pop-up window, select the Content tab.
• Click on Clear SSL State to clear your SSL cache.

5. Trusted Site

• Search for Internet Options in the window’s search bar
• In the pop-up window, click on the Security tab.
• Select Trusted sites.
• Click the Sites button to open a new window.
• Manually add the URL of the website that is displaying the error message.
• Click Apply and OK.

How to Get Rid of ‘Warning: Potential Security Risk Ahead with MOZILLA_PKIX_ERROR_SELF_SIGNED_CERT” Error in Firefox?

If you see the error message “MOZILLA_PKIX_ERROR_SELF_SIGNED_CERT” while using FireFox, it means that the browser is encountering an SSL certificate-related error. A website owner installs an SSL/TSL certificate to protect the data transfer between their users’ browsers and website’s server using encryption technology. For an SSL certificate to be trusted by FireFox, it must be issued and signed by the certificate authorities (CAs) that the browser trusts.

Before you can install an traditional SSL certificate on your site to enable encryption, certificate authorities must verify the identity of the site owner or organization before issuing the SSL certificate. SSL certificates are a sure sign that the website you’re interacting with is the one it claims to be. This is especially important considering that cybercriminals will often create fake websites that impersonate other genuine websites to gain customers’ trust and steal their personal and financial data.

Why is There a “MOZILLA_PKIX_ERROR_SELF_SIGNED_CERT” Error in Firefox?

There is another type of SSL certificate, which does facilitate the encryption process but is not signed by the trusted certificate authority. It’s called a self-signed certificate. Because a self-signed certificate is not issued and signed by the well-known CA, the browser doesn’t trust it.

It’s like a driver’s license. It must be issued by the DMV. If you just write on a piece of paper “I know how to drive,” is the cop going to accept it? Absolutely not (though you may land yourself a ride in the back of their police car!).

Why would someone use a self-signed certificate over a traditional SSL certificate?

• Companies generally use self-signed certificates for intranet websites. Intranet websites are covered under a private network and accessible only to an organization’s staff. These websites are made for facilitating internal communications, data transfers, and developing/testing software.

• Some start-ups, independent developers, freelancers, bloggers and small businesses also use self-signed SSL certificates because they’re free and easy to install on their servers.

• Self-signed certificates are sometimes used by hackers when they’re unable to get an SSL certificate from a trusted CA.

In any case, Firefox doesn’t trust self-signed certificates because there’s uncertainty about who is receiving your data on the other side. This is why you receive the “MOZILLA_PKIX_ERROR_SELF_SIGNED_CERT” error message.

How to Fix the “MOZILLA_PKIX_ERROR_SELF_SIGNED_CERT” Error in Firefox?

If you’re a website owner, you can get an SSL certificate from a trusted CA at little cost these days. For example, SSL certificates from Sectigo (formerly Comodo CA) start from $10/year and include a $50,000 warranty. If the installation part seems troublesome, you can always outsource the entire installation process for just a $49 onetime fee. The benefits of purchasing an SSL from trusted CA always outweigh the money you save by installing a free, self-signed SSL certificate.

Disclaimer: Forcing your browser/operating system to ignore SSL related errors can weaken your device’s security. If you have decided to take the risk anyway, don’t share any financial details or personal identifiable information (PII) such as your name, phone number, passwords, Social Security number (SSN), physical address, etc. on such websites.

1. Disable Security.Enterprise_Roots.Enabled

If you’re a website visitor, you can apply the following methods to get rid of the “MOZILLA_PKIX_ERROR_SELF_SIGNED_CERT” error in Firefox.

• Type about: config in the Firefox address bar.
• Click on the I accept the risk! button.
• Search for security.enterprise_roots.enabled in the URL bar.

• On the extreme right, there should be a value field. If the value is listed as false, double-click on it to change it to True
• Restart Firefox.
• Check whether you still see the error page. If yes, move to the next solution.

2. Clear the SSL State

• Search for Internet Options in the window’s search bar
• Click on Content

• Now, click on Clear SSL State.

3. Trusted Site

• Search for Internet Options in the window’s search bar.
• Select the Security tab and click on Trusted Sites./
• Go to the Sites tab.
• Now, manually add the URL of the website that is showing the error message.
• Click Apply and OK.

4. Continue with an Insecure Connection

If none of the above suggestions work, you can continue with the insecure connection at your own risk.

• Click on Advanced.
• Click on Accept the Risk and Continue.

As soon as you buy an SSL certificate, it doesn’t get automatically get installed and enable HTTPS on your website. There are several steps you need to take from your end to complete this process.  

There are 3 steps you need to follow after purchasing an SSL.: 

1. Certificate Signing Request (CSR) generation 
2. Validation process 
3. Installation Process  

In this article we’ll cover the CSR generation process for cPanel in 3 easy steps. If you’re using different server, refer our articles for CSR generation on various types of servers.  

CSR Generation In cPanel

Step 1

Log into cPanel

Click on SSL/TLS in the Security section.

Step-2

Go to ‘Generate, view, or delete SSL certificate signing requests’ under the Certificate Signing Requests (CSR).

Steps-3

Fill the following fields with only alphanumeric characters.

Domains: Enter the fully qualified domain name. The primary domain name for which you have applied the SSL certificate.

For wildcard SSL, add an asterisk in front of the domain (*.mydomain.com). Caution: Don’t write * before the www version of the domain like *.www.mydomain.com. unless you want to secure second level of subdomains such as blog.www.mydomain.com, mail.www.mydomain.com etc.

City: Provide the full name of your city. Do not use abbreviations.

State: Provide the full name of your State. Do not use abbreviations.

Country: Select country from the drop-down menu.

Company: Officially registered name for your business. It is mandatory for Organization and Extended Validation certificates. For Domain Validation SSLs, you can use “NA” if your organization is not legally registered.

Company Division: Department name inside the organization. Write “NA” if a certificate a Domain Validation certificate or there are no departments in the company.

E-mail: Enter your e-mail address. This field is optional.

Passphrase: Keep this field black.

Description: Add some keywords in order to locate a particular CSR in the list if you have more than one CSR. This too is optional.

Click on ‘Generate’.

At this point, your private and public keys have been successfully generated. The generated CSR code includes the public key.

You need to send this CSR code to the certificate authority along with other required details. 

Include the header and footer when sending your CSR to the certificate authority: 

—–BEGIN CERTIFICATE REQUEST—–  

 —–END CERTIFICATE REQUEST—–  

The private key is stored locally on the server and will be needed at the time of installation process once the CA issues you the certificate.   

After this step, the CA will follow some validation steps based on the type of certificate you have chosen. For DV SSL, you will get a validation email on your business email (admin@yourdomain.com, webmaster@yourdomain.com) just in minutes after you send the CSR code and other details to the CA. For OV and EV, the validation process may take somewhere between 1 day to 5 days.  

Learn more about the next steps after you generate your CSR on cPanel: 

Step 2: Validation process 

Step 3: Installation Process  

With plenty of different certificate authorities, SSL certificate types and features; and ambiguous price difference, anybody can get confused. We’ve been a leader in this business for more than a decade and understand this dilemma. Because you’ve reached this article, we assume that you are doing some healthy market research to choose the right SSL certificate for your website. And we are proud of you for that! 

To help you with your goal, we at Sectigo have compared two prominent certificate authorities’ SSL certificates to provide some context and insight to help you make an informed decision.  

Comodo is a well-respected cybersecurity company, providing computer and internet security products for almost two decades. It is one of the prominent certificate authorities. GoDaddy is also nearly two-decade-old domain registrar and web hosting company. It is also a certificate authority. Both of them provide various types of SSL certificates.  

In November 2018, Comodo CA rebranded itself as Sectigo. In short, Comodo CA = Sectigo. It is just a rebranding strategy, and nothing else has changed. We offer the same Comodo products, at the same price, and the same level of trust — just under a different name. 

Compare Comodo vs GoDaddy SSL Certificates  

Both Comodo and GoDaddy offer all three types of single domain SSL certificates: Domain Validation (DV), Organization Validation (OV) and Extended Validation (EV). If you have only one website that uses a single domain (no subdomains, alternative domain names, or domain names with different extensions), you should buy a single domain SSL certificate. A DV SSL certificate is preferable for informative websites, blogs, social websites, and personal websites. OV and EV SSL certificates are recommended for sites that deal with customers’ sensitive information such as bank details, credit card numbers, passwords, and personally-identifiable information (PII) such as names, dates of birth, etc. 

Comodo vs GoDaddy: Single Domain SSL

Features	Sectigo (Previously Comodo CA)	GoDaddy
Available Validation Type	DV, OV, EV	DV, OV, EV
Domain Coverage	WWW and non-WWW versions (FQDN) of the URL.  For example, www.yoursite.com and yoursite.com	WWW and non-WWW versions (FQDN) of the URL.  For example, www.yoursite.com and yoursite.com
Encryption Key Length	256-bit	256-bit
Digital Signature Strength	2048-bit	2048-bit
SHA-2	Yes	Yes
24/7/365 Technical Support	Yes	Yes
Re-Issuance	Unlimited	No
Organization’s Name on the Address Bar (for EV SSL)	Yes	Yes
Site Seal
Browser Compatibility	99.9% Web and Mobile Browsers	99.9% Web and Mobile Browsers
Price: DV	Starting at $10/ year	Starting at $64/year
Price: OV	Starting at $48/year	Starting at $136/year
Price: EV	Starting at $88/year	Starting at $125/year

Note: These rates are accurate as of May 8, 2019 and are subject to change at any time. Please click on the price link for latest rates. 

As you can see, both certificate authorities (CAs) offer SSL certificates with 2048-bit strong digital signatures and 256-bit longer encryption key lengths. So, encryption is precisely the same — one is more or less secure than the other. Sectigo offers different site seals for each type of SSL certificate. GoDaddy, on the other hand, offers the same site seals for all of its SSL certificates. Both provide 24/7/365 live customer support and have 99.9% web and mobile compatibility.  

The First Biggest Difference Between Comodo vs GoDaddy Certificates is the Cost 

The most significant difference between these two SSL/TLS certificate providers is the price of their products. Comodo DV SSL is almost six times cheaper than GoDaddy’s. Comodo OV and EV SSL are available at nearly half the cost of those offered by GoDaddy.   

Difference Between Comodo and GoDaddy For Multiple domain SSL and Wildcard SSL 

Multiple Websites: When you own multiple domain names or domain names with different extensions (such as mysite.com, mysite.ca, mynewsite.com, mydomain.org, etc.), you can protect all of them with a multi-domain SSL certificate. Both Sectigo and GoDaddy offer multi-domain SSL certificates with DV, OV and EV options. All other technical features for Comodo CA/Sectigo and GoDaddy multi-domain SSL certs are the same except for the number of server licenses that the certificate can issue.   

Multiple Subdomains: When you have multiple subdomains (for example, blog.mysite.com, support.mysite.com, billing.mysite.com, products.mysite.com, etc.), you can secure all of the subdomains with one wildcard SSL certificate. Both Sectigo and GoDaddy offer DV and OV wildcard SSL certificates. Both certificates allow users to cover one main domain (SAN) and unlimited subdomains. 

Multiple Websites and Subdomains: When you have multiple domain names and subdomains, you can secure all of them under one comprehensive SSL certificate, which is known as a multidomain wildcard SSL. Of these two companies, only Comodo CA provides multidomain wildcard SSL certificates — GoDaddy doesn’t have this option. With GoDaddy, this means that you’ll need to buy two different SSLs certificates — wildcard and multidomain — to secure all of your domain names and subdomains. 

Comodo VS GoDaddy: SSL Certificates for Multiple Domains and Subdomains  

Features	Sectigo (Previously Comodo CA)	GoDaddy
Wildcard SSL Availability	Yes	Yes
Number of subdomains covered	Unlimited	Unlimited
Server license for Wildcard	Unlimited	1 Server
Multidomain SSL Availability	Yes	Yes
Server license for Multidomain SSL	Unlimited	1 Server
Multidomain Wildcard Availability	Yes	No
Encryption key length	256-bit	256-bit
Digital Signature Strength	2048-bit	2048-bit
SHA-2	Yes	Yes
24/7/365 technical support	Yes	Yes
Re-issuance	Unlimited	No
Site seal
Browser Compatibility	99.9% Web and Mobile Browsers	99.9% Web and Mobile Browsers
	Read More

The Second Critical Difference Between Comodo vs GoDaddy Certificates: Server Licensing  

If your domains and subdomains are hosted on more than one server, you need to install your SSL certificate on each additional server. For example, if you host maindomain.com, support.maindomain.com, and subsidiary.maindomain.com on different servers to gain operational efficiency, it means that you must install your SSL certificate on each server individually.  

Comodo CA/Sectigo provides unlimited server licenses. This means that you don’t need to pay anything extra to install the wildcard SSL/multidomain SSL certificate on multiple servers. You can do it easily just by transferring your private keys to the other servers and following all other same installation steps — no restrictions, no additional charges, no additional hassle.  

Our approach differs from that of GoDaddy, who offers only one server license per certificate. Despite paying more per certificate, you won’t be allowed to install the same wildcard certificate on multiple servers as it is a big licensing issue for them. This means you need to buy separate wildcard or multidomain SSL certificates for every server that hosts your domains and subdomains (in addition to your primary server).  

The Third Biggest Difference Between Comodo vs GoDaddy: Renewal Costs 

GoDaddy charges 10% to 40% higher rates at the time of SSL certificate renewal. Comodo CA/Sectigo doesn’t differentiate between existing and new customers — we renew the SSL for both types of customers at the same rate. In fact, we reward our current customers by sending coupons codes for some SSL certificate that can be used exclusively at the time of renewal.   

Comodo vs GoDaddy: Price Comparison for Popular Wildcard and Multidomain SSL Certificates 

Note: This list includes the approximate annual cost of each certificate. These rates are accurate as of May 8, 2019 and are subject to change at any time. Please click on each link for the latest price.

Wrapping Up 

• All the technical features of SSL/TLS certificates offered by Comodo CA/Sectigo and GoDaddy are similar. They both provide the latest and strongest encryption, which is almost impossible for attackers to decrypt and hack.  
• Comodo offers unlimited server licenses while GoDaddy offers only one server license per certificate.  
• You can secure multiple domains and subdomains with Comodo’s multidomain wildcard SSL; GoDaddy doesn’t offer such an option.   

• GoDaddy charges higher rates at the time of renewal for their SSL/TLS certificates. There is no such difference with Comodo CA/Sectigo. Our SSL certificates renew at the same price (or even less with coupons) that we charge new customers. 

Now that you have all the facts, it’s up to you to choose the best SSL certificate for your website at the best price. You are the best judge. All we can say is when you can get the same (or more) features at a lower price, why pay more?  

Everything You Need to Know About Always on SSL (AOSSL)/HTTPS Everywhere/ SSL Everywhere

It is safe to assume that you have landed on this article because you have already decided to install an SSL certificate on your website but not sure whether you need Always-on SSL (AOSSL). Well, you have arrived on the right page at the right time!

When your entire website is on HTTPS, it is called ‘Always-on SSL’ (AOSSL) or ‘SSL everywhere or HTTPS Everywhere.’

Entire website means all the webpages of your website, including sub-domains and Multi-domains. (Always-On SSL, AOSSL, SSL everywhere and HTTPS everywhere are the same things).

Some people are following an unpopular (and illogical) trend. For some reason, they keep some pages on HTTP and some pages on HTTPS for the same website. In simple words, they intentionally choose to encrypt only some webpages with SSL, while keeping others unsecured.

“so why do people not follow Always-on SSL and more importantly, do I need to practice AOSSL?”

If you have same question in your mind, you are not alone! Let’s dig into the topic and find out a sensible answer for the above question.

Popular Misconceptions about Always-on SSL

Some misconceptions and rumors have haunted the entire SSL certificate industry for a long time!

For example, some people think that HTTPS adversely affects page loading speed. However, sufficient research has now been done that proves that a website on HTTPS loads faster than the one on HTTP when they are enabling HTTP2. HTTP2 is a newer, faster protocol and it works only for HTTPS enabled pages.

Another misconception about SSL certificate is that it interferes with browser caching. This would be a problem, because allowing your users’ web browsers to cache (save locally) certain website files such as images and CSS stylesheets helps your website load faster. The good news is that browser caching works just as well on HTTPS as it does on HTTP. So, you can go ahead and switch your site to HTTPS without worrying about browser caching.

There is one more misconception popular among organizations: that they have to buy additional hardware in their IT infrastructure to force AOSSL. However, when Google implemented Always-On SSL, after extensive tests, their researchers concluded that even their high-volume site did not need additional hardware.

What extra technical steps do I need to follow to use Always-on SSL?

AOSSL technical setup is very simple. In most cases, when you install an SSL certificate, your website will load over HTTP and/or HTTPS. You usually need to make one small change to force redirects to HTTPS. For example, manually set up 301 redirects in htaccess or change settings in WordPress. Otherwise visitors can choose whether to visit your site on HTTP or HTTPS. However, these steps are easy and quick to follow.

Key Benefits of following HTTPS everywhere.

• When some pages of your website are not secured by an SSL certificate, these pages become vulnerable. There are many ways hackers can attack those insecure pages to insert malicious scripts and weaken the overall security of your website.
• Moreover, it is easy for hackers to track all the user movements from encrypted page to unencrypted page. Tracking user movements is not possible by a third party if all the webpages are encrypted. It’s like putting a strong lock on one door of your home and keeping the other door open. How hard would it be for a thief to track your movements and break into your home? Exactly! So, following HTTPS everywhere means making your entire website security stronger. It is like putting strong locks on all the doors of your home.
• All the browsers favor HTTPS pages. If your website is showing ‘not secure’ sign for some pages, your hard-earned website traffic might abandon the session thinking that your entire website is insecure. For example, if you have secured your checkout page but not product page, a customer might not even reach the checkout page and abandon your website on the products’ page when s/he sees that ‘not secure’ sign in the address bar. So, to retain customers’ faith, all pages must be on HTTPS and show a padlock sign.
• When your users bounce between HTTPS and HTTP pages, it gives extra burden to your server. Because every time a new handshake is made between browser and server when someone visits an HTTPS page. For smooth operations, all pages must be on HTTPS.
• Google gives a higher rank to encrypted websites. When some pages of your website are not on HTTPS, your overall rank gets affected. To boost your SEO efforts, you must follow AOSSL.

How much does it cost to follow AOSSL?

Some people think that they have to pay extra to follow SSL everywhere best practice. In reality, the cost of any SSL certificate by default covers the costs for AOSSL. You do NOT need to pay extra to follow Always-on SSL best practice. All the web pages for a single domain will automatically be enabled on HTTPS:// even if you buy the simplest and cheapest SSL certificate like PositiveSSL for $8.61/year. It’s like paying for an entire pizza and eating only half of it to save money! Excuse me, but you have already paid for the entire thing. So throwing the half pizza in the garbage might save some calories but it is not going to save your money! Now you know why we have used the word ‘illogical’ in the first paragraph!

The cost for securing sub-domains and multi-domains is not that much higher than securing a single domain. A multi-domain SSL certificate starts from $23/year, and a wildcard SSL certificate starts from $85.66/year. Hopefully now you can understand how not following AOSSL even for your subdomains and multi-domains can be a dangerous mistake. Following AOSSL will ultimately reward your website with smooth server operations, higher customer trust, better search engine ranking, and overall robust security assurance.

Conclusion

These are the reasons for following Always-on SSL (AOSSL).

• AOSSL technical setup is very simple.
• No additional costs are involved.
• Gain customer trust and reduce bounce rate.
• Save your server from getting an extra load.
• The entire website will be covered under SSL warranty.
• Overall website security becomes stronger — a holistic security approach.
• Improve overall website rankings and SEO efforts.

Analyzing the marketing and security practices of Top 100 ecommerce websites.

If you’re an ecommerce retailer, you need to know what your competitors are doing. If you don’t know what they’re up to, you won’t be able to create a strategy to beat them and win customers. That’s why we’re excited to release the results of our first annual Top 100 Ecommerce Retailers Benchmark Study.

There’s no better friend to any merchant than a fair competitor.

James Cash Penney

Ecommerce Marketing Tactics

In today’s crowded marketplace, companies are battling for customers’ attention. Without effective marketing, ecommerce companies won’t capture market share. We analyzed a few key marketing tactics being used by the top 100 ecommerce websites – here are our notable findings.

Organic Search Traffic Is King

Social media sites like Facebook may get most of the press coverage and buzz today, but it’s still search engines that drive most traffic and revenue in ecommerce. Analyzing traffic data for the top 100 ecommerce sites revealed that search was the leader by far, with social and referrals coming in as distant competitors:

• Direct: 40%
• Referrals: 5%
• Search: 44%
• Social: 3.5%
• Display: 2.5%

Most Sites Don’t Use Cart Abandonment Emails

Sending cart abandonment emails can be a simple way to increase revenue by reminding customers about a purchase they were going to make. But less than a quarter (22%) of the top 100 ecommerce sites have implemented cart abandonment emails.

Ecommerce Security Practices

With data breaches making the news every week, data protection has become increasingly important to users. We analyzed the retailer websites in our study to identify security practices and technologies the top 100 ecommerce retailers have put in place. Here’s what we found:

93% Have Fully Switched To HTTPS

For many years, a typical ecommerce website was only partially on HTTPS protocol. Sites used HTTPS on checkout pages where users were entering their credit card details while the rest of the website would use HTTP.

More recently, Google and other industry players have been pushing websites to adopt HTTPS across all pages. We found that the top 100 ecommerce retailers are on board with this trend, with 93% forcing HTTPS on all pages on their site. The remaining 7% default to HTTP and only force HTTPS during checkout.

Just Under ½ Display A Security Seal

In addition to the standard padlock that displays in the address bar on HTTPS pages, there are a variety of security seals available for ecommerce websites to display to users. Many allow the user to verify that the site’s security is up to date. We found that 40% of the top 100 ecommerce sites have added a third-party security seal to their website.

These third-party security seals are even more valuable for smaller websites that the user may not trust as much as a well-known brand.

Nearly All Use A High-Assurance SSL Certificate

There are several types of SSL certificates (the technology that enables HTTPS security) available on the market:

• Basic validation (aka DV). These certificates encrypt web traffic, but don’t validate the organization that runs the website.
• Business validation (aka OV or EV). These certificates both encrypt web traffic and validate the organization running the website. EV certificates also enable an expanded green address bar.

Our analysis found that 97% of the top ecommerce websites use a high assurance (OV/EV) SSL Certificate. Ecommerce websites choose high assurance SSL certificates to increase customer trust and to provide customers additional assurance when shopping online. Increased customer trust leads to increased revenue, customer satisfaction, and average order value.

HSTS Is Just Catching On

HTTP Strict Transport Security, or HSTS, is a relatively new mechanism to ensure a website always loads over HTTPS. This means that even if a hacker gains access to the users wireless router, the hacker will find it difficult to intercept and steal payment details. This option is still catching on, with only one-quarter of the websites implementing HSTS so far.

Every Site Has A Security and/or Privacy Page

With security breaches in the news every week, security and privacy are big concerns for the average consumer. Top ecommerce websites recognize this – 100% of the top 100 sites have a security and/or privacy page on their website.

Most Have Implemented Minimum Password Requirements

Low security and shared passwords are a big security issue for brands and consumers. Of the top 100 ecommerce websites, 90% require passwords with a minimum length, and 60% require passwords that meet minimum complexity requirements (for example, with numbers or special characters.)

Ecommerce Customer Experience Practices

Giving customers a smooth, enjoyable shopping experience is critical—not only for capturing the first sale, but for encouraging customers to come back and purchase again.

Make your product easier to buy than your competition, or you will find your customers buying from them, not you.

Mark Cuban

Most Sites Offer Phone & Chat Support

Fast shipping and good customer support are among the most important things customers expect from an ecommerce retailer. While part of the attraction of ecommerce is the ability to purchase from your computer or tablet at home, customers also expect to be able to interact with support staff when needed.

Of the top 100 ecommerce sites, 99 offer phone support and 53 offer live chat support.

Most Stores Offer Free Shipping

Amazon’s industry-revolutionizing approach still shapes the ecommerce market today, with just over two-thirds (68%) of the top 100 ecommerce sites offering free shipping. The average minimum to qualify for free shipping is $52.

Several websites, such as Dell, Nordstrom, and Zappos, offer free shipping on all orders with no minimum. A few websites go the other direction, requiring a $150 minimum order to qualify for free shipping. The average site sets a $50 minimum order size for free shipping.

Most Sites Allow 1-2 Months For Returns

Company policies on returns vary widely – from no returns at all, to money back guarantees with no questions asks. Most companies offer some ability to return unwanted products. The average return window is 67 days, while the median return window is 45 days. (The average is higher due to a handful of companies that accept returns up to one year from the purchase date.)