SSL Certificates will only be recognized by a browser if the Root Certificate of the CA is present within the “trusted Root Certificates” store of the browser. CA Root Certificates are added into the trusted Root Certificate store by the browser or operating system vendor, such as Microsoft or Netscape. In general SSL vendors need to be audited to WebTrust complaint standards set by the AICPA.
If you use an SSL Certificate that has been issued by a CA Root Certificate not present in the trusted Root Certificate store in one of the commercially available browsers then the visitor’s browser will display a warning message. Clearly you need to avoid such warnings. Ensure you avoid such warnings by selecting a cost effective SSL Provider with the highest browser acceptance level across all browsers.
What browser ubiquity do I need?
Anything less than 99% browser ubiquity will cause issues with some customers, customers who may otherwise purchase from your site. REMEMBER CUSTOMERS = $$! High Assurance providers such as Comodo, VeriSign, Thawte and Entrust all provide 99% browser ubiquity and are included in the base install of Windows 98SE, ME, 2000 and XP.
IPSCA provides only 96% browser ubiquity and are not compatible with Netscape. IPSCA is not included in the base install of Windows 98SE and will require such customers to upgrade to avoid Security Warnings