Our current SSL certificate is provided by Verisign, and we’ve had it for three years now. It’s coming up for renewal, and we wanted to add extended validation(EV). The cost on the web site made me pause, but you can’t go wrong with Verisign can you? Besides, it had to be worth contacting them to see if we could cut a deal, as we wanted to go to EV, and probably get another certificate too. Hmmm…
A feature of the last month or two has been the endless bombardment of emails from Verisign reminding me to renew our certificate. We also get emails regularly from individuals with very impressive titles, like the guy who was our “dedicated Executive Security Advisor”. I was never sure if he was dedicated to me, to Verisign, or just dedicated to being an executive. I tried him first, saying that I wanted to upgrade, and install the certificate on more than one server for DR purposes, and would he like to chat. A day or two later I’d had no response, so I left him a voicemail. The fact he had voicemail was reassuring, as it suggested that he was still working for the company, but maybe he was less dedicated now?
A couple of days later I send a reminder email, but now I get an automated response telling me he’s out of the office for four days. I sigh, and send an email to firstname.lastname@example.org, as suggested on the web site. Big mistake. I get a whole lot of individual responses from people telling me that they’re out of the office too. Interestingly, there has been not a single person following up on that email, or any of my other emails.
That was much of July, but in August I am contacted by an Enterprise Account Manager via email. I explain what has happened to date, and say that my interest in working with them is a bit low as a result. I suspect the original email was an automated message too, as I get no response to that either.
I’m a slow learner, as you can see, but by now I’m looking at alternatives. I find DigiCert, and the reviews on the web are very positive, browser support for their root CA certificate seems good, and DigiCert’s prices are very attractive. I’m left wondering what the catch is! A subsequent live chat with one of their support team is very useful, and my mind is made up. I ordered this morning, and within an hour or two I got a phone call from the US to verify some of the data. As you’d expect, they need to verify the business, and our ownership of the domain and so on, and the guys were highly professional and very helpful. We’ve one further document to sign, and a verifying phone call, and then we’ll get our certificate.
I know it’s early days, but the difference with Verisign is like chalk and cheese, and based on my experience to date I’d highly recommend DigiCert.