why do ssl certificates cost so much

To be quite honest. there is absolutely NO difference when it comes to SSL certificates. The only contributing factor is the EV / non EV / Wildcard tags. EV == Extended Validation: This means the site is actively " pinged " by the Certificate Authority on the provided IP of the domain, then a server-side script compares the IP address of the ping response from the CA, and the IP address YOU are visiting. This does NOT guarentee that there isn't a man-in-the-middle attack, or net-wide DNS poisoning. This just ensures that the site you are viewing is the same one the CA sees.


Non-EV == no one is actively checking the domain's IP against a logged / provided IP for security purposes. Wildcard == *. domain. com based Certificates are often used when people have a multitude of subdomains, or a set of subdomains that are ever-changing, but still need valid SSL encryption. The truth behind SSL Certificates. You can make your own. They are no less secure than any other certificate. The difference being a " self-signed " certificate is not " vouched for " by any third party.


The problem with SSL Certificates is they are extremely over-priced for what they are. There is absolutely NO garentee that the site you are visiting belongs to whomever is listed on the certificate as owner / location etc. This defeats the purpose of the third-party-trust-chain model SSL was developed to use. ALL Certificate Authorities known as CA's that sell their certificates, wants the user to believe that their certificate is somehow better. When in fact, they never check the information provided for the certificate unless there is an issue that may cost them revenue.


This practice also defeats the purpose of the SSL trust-chain model. I know of only ONE CA that indeed validates it's certificates. This is CACert. org. For them to issue a " complete " certificate (business name, name, addres, phone etc. ) you must meet one of their assurer's FACE-TO-FACE!. However. most browsers do not use CACert. org due to pressures added to them by mega corporations like Thawte, Comodo, and Verisign.


So. to sum it all up. The only differences between certificates is the behavior of the CA. Certificates can't really be trusted to verify anything other than the connection to the site is useing encryption. At the end of the day, people think paying $100 - $1000 somehow equates to trustworthiness. This is NOT the case. It just means you deal with less sophisticated or less established crooks.
The expensive one is a wildcard certificate. It works for all subdomains of example. com. The cheap one only works for a single domain.


The Comodo equivalent of the NameCheap one is which is $41. It's not stated whether the Comodo one is domain-validated or organisation-validated but the NameCheap one is listed as being domain-validated. Domain-validated SSL certs are cheaper because less effort goes into issuing them. The NameCheap one has a $10,000 warranty. The Comodo one has a $250,000 warranty. 99. 3% browser compatability from NameCheap is comparatively low. 99. 9% is more common. For SSL shopping advice in general, is the best place to go.