SSL Certificate Compatibility

SSL certificate compatibility is an important factor to consider when you are deciding on an SSL provider. SSL compatibility is determined by the number of browsers that automatically include the root certificate that your certificate links up to. If all of your visitors use Firefox 3 then you only need to have a certificate that is signed by a root certificate in Firefox 3. Unfortunately (and fortunately in many ways), we live in a heterogeneous world with many different browsers. Thankfully, virtually all commercial certificate authorities issue certificate that are compatible with 99% of all major browsers. This is what makes them worth paying for. If they weren’t 99% compatible, you might as well create a self-signed certificate for free.

SSL Browser Compatibility

All commercial certificate authorities have relationships with web browser vendors so that their root certificates are embedded in their browsers. The major browsers include Internet Explorer, Firefox, Safari, Opera, Netscape, and AOL. You can usually verify a browser’s SSL compatibility by looking in the browser’s “certificate store” to find out if a particular root certificate is included in a web browser. Because web browsers are so easy to update, the root certificates are updated often so that SSL browser compatibility is rarely an issue unless your visitors like to use really old browsers.

SSL Server Compatibility

Because of the way that SSL works, servers don’t really need to have root certificates embedded in them for SSL compatibility. You will simply install your server certificate and any intermediate certificates to the server and it will send those to the client/browser. It is up to the browser to determine if it is trusted or not. Essentially, a server will work with a certificate signed by any certificate authority as long as you install it correctly. Notable exceptions include servers or devices that only support unchained certificates but those are few and far between.

SSL Certificate Compatibility on Mobile Devices

Because mobile devices (such as Windows Mobile, Blackberry, iPhone, and Symbian OS) are much more difficult to update than normal web browsers, many root certificates are only included in newer mobile devices. This is important to understand if you have users with older mobile devices. However, most major providers are compatible with the majority of mobile devices/cell phones. But if you need to support older devices, make sure to research your compatibility list of the certificate provider that you decide on using the links below.

SSL Certificate Compatibility Links

If you want to find out the SSL certificate compatibility of a specific certificate provider, check out the following links:

Originally posted on Sun Mar 29, 2009