Symantec buys large share of SSL market

Symantec has agreed to acquire VeriSign's Identity and Authentication business for an aggregate purchase price of $1.28 billion. It had previously looked as though Symantec was setting itself up to become a direct competitor of VeriSign following its recent acquisition of PGP Corporation, which also has trusted root certificates in browsers through its own acquisition of TC TrustCenter.

Symantec's acquisition will include VeriSign's SSL and trust services. Netcraft's most recent SSL survey shows that VeriSign is the largest SSL certificate authority, with around half a million valid and distinct SSL certificates in use on the web, giving it a market share of 38%.

Overall growth trend in the SSL certificate market (all companies)
ssl-growth.png

The widespread use of VeriSign certificates is also evident from handling more than 2 billion Online Certificate Status Protocol lookups in a single day last month, less than a year after hitting 1 billion per day. These OCSP checks allow web browsers to determine whether a certificate has been revoked.

In recent years, VeriSign has been keen to evangelise Extended Validation SSL certificates. These certificates cause the browser's address bar to turn green, which indicates to a customer that the identity of a site has been authenticated according to the most rigorous industry standard.

VeriSign holds a significant 71% share of the Extended Validation market. Although this market itself only accounts for 1.5% of all SSL certificates, it has typically been a high value market, with VeriSign currently selling individual certificates from $995 for 1 year.

Symantec's announcement cites $408 million revenue for VeriSign's business during the twelve months leading up to the end of March, much of which is likely to have come from SSL certificate sales alone.

Despite several other companies selling Extended Validation certificates at lower prices, VeriSign's market share has only fallen by 2 percentage points over the past 12 months. However, competitor Go Daddy's aggressive new pricing of $99.99 earlier this year has already resulted in a noticeable growth increase at Go Daddy over the past few months.

Symantec recently acquired PGP Corporation for approximately $300 million. PGP had previously made its own agreements to acquire the privately-held TC TrustCenter, along with its parent company, ChosenSecurity. PGP now sells organization validated, wildcard and extended validation certificates under the PGP TrustCenter brand.

The SSL certificate market continues to thrive, with our last SSL survey finding a total of 1.3 million distinct valid third-party SSL certificates.