First of all, let it be known that I neither use nor recommend RackShack certs, but mostly because I resell someone else's
and have been for several years.
Second let me point out my point of view about the guarantee and the so-called "registered business" you write about...
I, too, used to buy certs from one of the big guys (in fact from Verisign, and they certainly weren't cheap).
But let's consider the certs we buy... we either buy certs for ourselves or for our customers.
If we're buying a cert for ourselves we know if we're in business or not; we don't have to prove it to anyone.
And the guarantee doesn't protect us at all; it protects our customer under one very limited circumstance (please read the fine print and you'll see what I mean)...
The guarantee on the cert we buy only protects our customer if we're NOT who we say we are. In other words, if I say I'm (for example only) DirectAdmin, and I get a cert in DirectAdmin's name, and put that cert on an imitation DirectAdmin website, and somehow manage to trick DirectAdmin customers into logging into myseite, and I take money from them under false pretenses, then whoever I took money from will have the money refunded to them under the guarantee.
BUT... and it's a very important but...
If I buy a cert with a $100,000 guarantee, and someone else spoofs my domain and buys a cheap cert without a warranty to protect it... my customer doesn't get anything from the issuer of that cert (because there was no warranty), or the issuer of my cert (because my cert wasn't involved in the transaction).
So no matter how much extra I pay for a cert, my customer gets nothing as long as they end up on my website and I fill my promises. In fact, since the warranty is only that I am who I say I am, there's no benefit to either me or to my customer no matter how high a guaranty I have on the cert I buy.
When I buy a cert for my client, presumably I know they're a business, because I'm doing business with them.
If you really need to know if your client is a real business or not (and remember you don't have to be a business to buy a cert), you should have them pay you by a company check. Presumably if they have a company check they've been able to prove to their bank that they're a business.
The important thing is to make sure that the person who buys the cert for a given website actually has control over that website; we check whois records to see who owns the website, and we contact them at the address listed in the whois record, and wait until we get a reply, before we order the cert for our client.
The vendor who I resell offers certs at different prices, with and without warranty, and no one has ever bought a cert with a warranty from us.
Note that I am not a lawyer, and I recommend you read the warranty carefullly yourself and have your attorney review it, before you decide if it's worth extra money to your company to buy a cert with a warranty.
Jeff
