Chained SSL Certificates

What is a chained root SSL Certificate?

When connecting to a webserver over SSL, the visitor's browser decides whether or not to trust the website's SSL certificate based on which Certification Authority has issued the actual SSL certificate. To determine this, the browser looks at its list of trusted issuing authorities - represented by a collection of Trusted Root CA certificates added into the browser by the browser vendor (such as Microsoft and Netscape).

Most SSL certificates are issued by CAs who own and use their own Trusted Root CA certificates, such as those issued by GeoTrust. As GeoTrust is known to browser vendors as a trusted issuing authority, its Trusted Root CA certificate has already been added to all popular browsers, and hence is already trusted. These SSL certificates are known as "single root" SSL certificates.

FreeSSL.com, a subsidiary of GeoTrust, also owns the UTN root used to issue FreeSSL certificates.Some Certification Authorities, like Comodo, do not have a Trusted Root CA certificate present in browsers, therefore they need a "chained root" in order for their certificates to be trusted - essentially a CA with a Trusted Root CA certificate issues a "chained" certificate which "inherits" the browser recognition of the Trusted Root CA. These SSL certificates are known as "chained root" SSL certificates. For a Certification Authority to have its own Trusted Root CA certificate already present in browsers is a clear sign that they are long-time, stable and credible organizations who have long term relationships with the browser vendors (such as Microsoft and Netscape) for the inclusion of their Trusted Root CA certificates. For this reason, such CAs are seen as being considerably more credible and stable than chained root certificate providers who do not have a direct relationship with the browser vendors.

You can view the Certification Authorities who have their own root certificates by viewing the list in your browser. Click here for instructions.

Chained root certificates require additional effort to install as the webserver must also have the chained root installed. This is not necessary for single root certificates.

Both UltraSSL's ChainedSSL product and Comodo's InstantSSL product are chained root certificates. However FreeSSL.com own the trusted CA root used to issue ChainedSSL and are therefore the only stable chained root provider. Comodo do not own the Baltimore root used to issue InstantSSL certificates and therefore cannot offer the stability of ChainedSSL.Like chained root certificates in general, FreeSSL.com's ChainedSSL chained root certificates are ideal for low value, low volume commercial sites. At only $30 per certificate, ChainedSSL is the only stable low cost chained root certificate available in the industry! Other chained root providers such as Comodo retail their chained root certificates in excess of $49.

Why is stability important for chained root SSL certificates?

Like FreeSSL certificates, ChainedSSL certificates are issued from a trusted CA root certificate that is owned by FreeSSL.com. Some chained root certificate providers, such as Comodo InstantSSL, do not own their own trusted root, which means that their chained root offerings are unstable. They rely on the trusted root certificate owner to allow them to issue certificates and have no control over what the owner of the certificate does with the certificate - as has recently been shown when Baltimore has decided to sell the root certificate. The only way to offer a stable chained root product is to own the root being used to issue the chained root certificates.

What is ChainedSSL?
ChainedSSL is a chained root web server certificate that allows web sites to conduct secure e-commerce with an encrypted SSL connection and is ideal for low volume, low transaction value websites. ChainedSSL lowers the barrier of entry for companies that want chained root SSL security by providing immediately issued certificates at the lowest cost available. Comparable products sell in excess of $49 each, while ChainedSSL provides the same industry standard chained root SSL security at fantastic savings!