Do I require a single root or intermediate SSL certificate?
Some certificates are issued directly by a Trusted Root CA certificate e.g. GeoTrust. The Trusted Root CA certificate is already contained within all popular browsers, and hence is already trusted. Some Certification Authorities do not have a Trusted Root CA certificate present in browsers, therefore they need a “chained root” in order for their certificates to be trusted.
Both FreeSSL.com’s ChainedSSL Wildcard product and Comodo’s InstantSSL product are chained root certificates. However FreeSSL.com own the trusted CA root used to issue ChainedSSL Wildcard and are therefore the only stable chained root provider. Comodo do not own the BeTrusted root used to issue InstantSSL certificates and therefore cannot offer the stability of ChainedSSL Wildcard.
Both StarterSSL and all of the Professional Level Certificates offered by FreeSSL.com are single root certificates.
Compared to single root installations, chained root certificates require additional webserver installation steps. If a CA is chosen that requires the installation of more than one certificate, then it is advisable to ensure that the necessary technical expertise or resources to be able to perform the installation are available. Loading and managing multiple certificates per installation, especially in an enterprise environment, can be costly and cumbersome.
8