SSL Digital Certificate Providers Overview
The market for SSL certificates is largely held by a small number of multinational companies called Certified Authorities (CA). A CA is an entity that issues SSL Digital Certificates for use by other parties. It is an example of a trusted third party.
The most popular CA’s include:
Verisign
GeoTrust
Thawte
Comodo
A CA’s primary role, other then issuing the SSL Digital Certificate, is to verify an applicant’s credentials, so that users and relying parties can trust the information in the CA’s certificates. CAs use a variety of standards and tests to do so. In essence the Certificate Authority is responsible for saying “yes, this person is who they say they are, and we, the CA, verify that”.
This market has significant barriers to entry since new providers must undergo annual security audits (such as WebTrust for Certification Authorities) to be included in the list of web browser trusted authorities. More than 50 root certificates are trusted in the most popular web browser versions. A 2007 market share report from Security Space as of September of that year determined that VeriSign and its acquisitions (which include Thawte and more recently Geotrust) have a 57.6% share of the certificate authority market, followed by Comodo (largely through Instant SSL) (8.3%), and GoDaddy (6.4%).
