alex_aldo - Fotolia

News Stay informed about the latest enterprise technology news and product updates.

Subscription model for SSL certificates could be easier and cheaper

A Utah-based startup hopes to change the way enterprises buy SSL certificates to a subscription model, and one expert thinks it could work as long as enterprises can trust the security.

A Utah-based startup has pinned its hopes on a new model for enterprise acquisition of SSL certificates -- one based on subscriptions.

HydrantID, an identity and authentication service vendor based in Salt Lake City, believes that an SSL certificate subscription service will be cheaper and easier. The traditional model for buying SSL certificates has charged organizations for each certificate purchased, with prices varying according to how many servers the certificate would be used on, how long it would last, and the type of certificate issued.

The HydrantID subscription gives enterprises access to a cloud platform for managing all SSL certificates an organization may need. Current plans are structured in tiers based on the number of certificates needed and the number of domains that would be covered, with pricing set on a monthly basis. Not all SSL certificates are included in the monthly cost; HydrantID noted that EV certificates and wildcard certificates will still be sold on a yearly basis.

Rob Shapland, senior penetration tester at UK-based First Base Technologies LLC, said that this solution could fill a gap in the SSL certificate market, and reduce issues associated with maintaining an internal database of SSL certificates and their renewal dates.

"If implemented as it claims, it should remove the risk of failing to renew certificates, and will save time by managing all certificates centrally," Shapland said. "In a large organization, this could save a lot of time."

Shapland said that time will tell if the service is as easy to use as claimed, warning that HydrantID itself needs to prove its security framework is solid.

"The challenge will be for them to be able to deliver a system that cuts through the confusion of all the different SSL certificates types and allows customers to choose the most appropriate and most secure choice," Shapland said. "They will also need to ensure their own cloud-based system is as secure as it can be, as consumer confidence will be reliant on the security of the system."

Next Steps

Learn some practical tips for SSL certificate management

Dig Deeper on Web security tools and best practices