I need a small number of low-cost SSL certificates. The important requirement is compatibility with most browsers and operating systems. I will be using them to secure specialized browser-based applications on my servers.
Here are my questions:
Are there certificate authorities I should avoid, because the certificates that they issue cannot be authenticated by popular browsers and operating systems?
As long as the end-users' browsers establish a secure SSL connection to my servers, why do I care which certificate authority signs my certificate? Do normal end users actually bother to check which CA signs my certificate?
Here are my thoughts:
Buy the least expensive SSL certificate, as long as nearly all browsers and OSs can authenticate it and the corresponding SSL connections are secure (they use appropriate key sizes, etc.).
If a few tin-foil-hat types disable certain root CA certificates in their systems so that my servers won't authenticate, that's their problem, not mine. I suspect that very few people actually do this.
Am I missing any other considerations?