Verisign vs. Thawte? Looking for advice

Our SSL certificate with Thawte is about to expire and I was wondering if this is still the best route.

Any recommendations?

This question is an old one. Here is one little contribution, also look at the SSL tags at ServerFault. I see no reason to focus on Verisign and Thawte, unless you strongly believe that their site seals improve your conversion rate. And if that is the case, then go the whole way, and get a Verisign Extended Validation certificate. My take, in short form, is that your choices are:

1. A name-brand SSL certificate with clear root chain, but purchased from one of the cheap resellers at < 50USD. By name-brand, I mean a certificate with the same signing root as the big players use -- Comodo from a cheap reseller, RapidSSL (cheaper GeoTrust), InstantSSL (cheaper Comodo), et cetera.
2. A name-brand SSL certificate with a nice logo / "trustmark" to put on your shopping cart ("Secure by ..."), purchased directly from the issuer (I like DigiCert).
3. A name-brand Extended Validation certificate. So far, you need to work directly with the issuer to get approved for these, there is a fair amount of paperwork required to prove identity, and the prices are high often > 250 USD/year.

I would personally either get a cheap Comodo or similar certificate from:

• Here, ~50 USD
• Here, less than 100 USD
• Here, GeoTrust and Verisign too.

I'm still on the fence with regards to Extended Validation. What they're trying to do is a good thing, and the extra consumer confidence they can provide is a good thing, possibly lowering abandonment rate. All the big names (Microsoft etc) use EV certs now. On the other hand, I have not seen a definitive usability study showing that the really work, that end users really grok the difference.

The more expensive non-Extended Validation certificates are a bit of a scam, really. They don't add any authentication or encryption beyond what the really cheap ones provide. Don't overbuy, i.e. don't think that the 200 USD non-EV certificate is necessarily better than the 50 USD non-EV cert with the same root.

Last bit of advice: If you take the cheap route, then look at your current domain registrar, DNS host, and web hosts. Sometimes they can sell you a cheap certificate with the same trust root as everyone else, and a streamlined buying process because they already have your domain information.

You would do well to compare the prices of the exact same certificate from Verisign, Thawte, and Comodo. They all offer virtually the exact same service. But their prices vary rather dramatically.

Every current version of Windows (XP, Vista, Win 7, etc) comes with equal built in recognition for certificates from all three provders.

I plan on buying a Godaddy certificate. Not nearly as expensive and the name is there.

+1 for taking a look at Comodo certificates. We've been using them for years.

Most of the other answers here deal mainly with the price.

Another aspect is the security the certificate provides - see this question on ITSecurity for a discussion on that.

Though the bottom line is pretty much "any of the well-known CAs can do the job well enough" (though in some situations there might be some benefit to some).