How SSLplus rates

1. The Issuer

The issuer (Certification Authority or CA) is the focus of the assessment for certificates. How is it structured, what products and services does it offer? Is the CA driving innovations in security and identity management? Does it provide customers with an understandable interface for the easy issuance of their certificate? Does it have extensive interfaces for daily operations? Ultimately, the reputation of a CA contributes to a connection protected by it being viewed as trustworthy, encouraging customers to conduct business and exchange data through it. Therefore, we critically assess how a CA presents itself externally and how it is perceived in the market. We also examine the extent to which the CA insures its own products in case of warranty claims.

 

2. Data Protection

How does the certification authority handle customer data? Are data exported to the headquarters or stored on domestic servers? What data protection regulations, such as Privacy Shield or EU GDPR, are applied? For certificates whose primary function is to encrypt traffic and/or guarantee authenticity through validation, data protection and data handling are essential evaluation criteria for us. Therefore, certifications such as eIDAS and ISO27001 are significantly considered.

 

3. Support / Responsiveness

The support of an issuer often determines the success of a certification. Particularly in cases of certificates with identity verification, the ability to contact and perform company or individual validation can become a bottleneck in issuance. Is support only available in the native language of the CA (e.g., Polish, French, or English), or does the issuer also have German-speaking staff? Can the CA be contacted by phone (same time zones), or is only a chat available on the website?

 

4. Number of Cancellations

A high cancellation rate for certificates likely indicates difficult or opaque processes on the part of the CA, inaccurate product features, or technical problems with the CA. The result is that the customer must apply for a different certificate, obtaining a suitable one only on the second attempt. Therefore, the cancellation rate is a valuable indicator of whether a customer will be satisfied with their choice and is a significant ranking factor for SSLplus evaluations.

 

5. Speed

Our system continuously monitors the speed of the interfaces of all connected certification authorities. The faster a CA responds and processes the submitted requests, the higher the ranking. If a CA does not respond or only does so with significant delays, the certificate will be removed from the recommendation list. This ensures that customers can quickly obtain their certificates and automated bookings do not stall.

 

6. Effort for the Customer

Applying for and issuing a certificate involves effort, and organizational validation naturally requires more effort than simple domain validation. Our systems take these additional efforts into account and relate them. If applying for a certificate requires significant additional effort, for example, because the CA only issues vouchers and the customer must enter all data themselves, this leads to a devaluation in the ranking. Conversely, if the customer can complete all application steps through the SSLplus systems, thus benefiting from a handle delegation, SSL monitor, and simple order overview, we reward this with bonus points.

 

7. WebID

Validation through WebID allows the customer to validate their personal data at their desired time. We reward this freedom in the process with a points credit in the ranking.