Six weeks in

Our first few weeks of CertSimple

By Mike on 5th May 2015

We launched CertSimple on 16th of March with a post to Hacker News. While we didn't have every feature we wanted in the product yet, we still had a substantial improvement over the existing SSL market:

So with those features we launched.

Revenue

We started making money on the first day, and we made $4078.08 USD in the last six weeks.

Measuring our own performance

The industry's normal estimate for an EV certificate is 7-10 days, and our founder Mike started the company after waiting 3 weeks for an EV cert from GoDaddy. We thought CertSimple would be faster than existing SSL providers before we launched, but we didn't have any numbers to prove it.

Since we've launched we've been able to put a number on that: we issue EV certificates in an average of 5 hours. In some cases much faster.

This means we're likely the fastest place you can get an EV certificate.

This is nice, but more importantly launching and collecting this data allowed us to put a real number against the speed and simplicity claims, for people who need to launch their web apps now and don't want to wait to do so.

Customers

We focused on web developers because they're usually the ones charged with getting SSL certificates - they're also the ones who have to tell someone else that there's a 10 day delay until their EV certificate gets verified. So far, that's been true: every single customer we've had is someone making a web app of some kind.

Marketing by making useful stuff

We hoped our happy customers would Tweet about us, and some did: we've had some great Twitter testimonials. However, we've also been reminded that the vast majority of developers aren't the Tweeting, conference-going type. We've had robotics academics in California who are too busy working to follow important events and customers in non-English speaking markets.

The most effective marketing we've been doing is actually making useful stuff. We've published 9 blog articles, frequently also publishing code, on topics ranging from SSL configuration, cleaning out all the junk you see in whois results, measuring RSA performance, using Mozilla's Server Side TLS settings on NPM, command comparison across server Operating Systems, and a bunch of other topics.

These weren't easy to write: converting Mathematica code to JavaScript (with its 53 bit Number prototype) or writing scraper bots for SSL certificates can be tough, but they've been successful. A few have made the Hacker News front page, companies like MaxCDN and Codeship have retweeted our articles, and in some cases individual communities like the node.js and SmartOS communities have latched onto and contributed to particular articles. Every one of our sales so far has come from publishing useful research.

Aside from being useful, we hope these articles establish that CertSimple actually cares about the same things as our customers: developing and deploying web apps. We can and do talk technically with customers as peers. Most SSL vendors have 'SSL experts' who don't know what a certificate subject is. You can't measure it easily, but we think being involved in the same industry as our customers makes us more appealing.

Customers have even suggested article topics they'd like us to cover in future - we're planning to follow a few of those suggestions.

Being useful to long-term prospects

One thing with the SSL industry is that not everyone needs a certificate now. We've been as helpful as possible to people who probably won't be customers in the immediate future: frequently providing some advice about cipher config, or domain registration. We haven't and won't see revenue from these people in the short term. But we have gotten:

seriously, this has been the best thing since sliced bread, the wheel and fire.

Which, aside from being good to hear, is a fairly good indication that when the time comes they'll pick the SSL vendor they've actually had a conversation with rather than the one they haven't.

Interestingly, we've attracted attention from developers who don't have a web interface to their apps - e.g., they're a REST API with iOS and Android clients. In that case, we've pointed out that EV isn't relevant for them. Identity checks for iOS and Android apps are done via code signing in their respective app stores. Furthermore, if there's no browser UI, there's no green bar. We've happily directed their business towards free or cheap non-EV certificates that will suffice on these occasions.

AdWords was a waste of time

We also decided to run a Google AdWords campaign. We ran what we thought was tight copy: our founder Mike has written professionally in a past lifetime. We ran a campaign for around a month and followed every suggestion AdWords gave except the massive amounts of unrelated keywords. In the month we ran the campaign, not a single sale was from AdWords.

In all, we would have been better taking the time and money we spent on AdWords and doing something useful for potential customers.

Surprises

Customers don't always use things the same way you do. We'd thought that most developers using Windows desktops would also be using Windows servers - we'd add the ability to switch later. Almost immediately after launch someone asked us to show instructions for Linux/Unix servers on their Windows browser.

Another customer pasted a huge pre-separated list of server names straight from a spreadsheet, which broke the tags widget we were using. We added support for doing that the same day.

There's been one negative thing that's happened: at one point our bank decided to flag the large volume of payments from our account to our CA as fraud. This stopped us from processing orders. It took a while to resolve the issue, and though it was eventually fixed, and workarounds added for the future, we had to refund a customer whose order was unable to be processed during the period. In an otherwise happy month this felt awful: we hate for even one customer to be disappointed. If you run a startup involving online payments, you should be aware of this risk and take steps to avoid the same thing happening to you.

However, looking back: we're glad we launched early and identified these issues before we grew any larger.

New things in the last few weeks

We've also made a couple of changes since launching:

What's next

More useful research for people making web apps! We're going to look at ECC performance and certificate deployment options soon.

For the company: we're building relationships with a few key folk in the industry.

We'd like to get funding to grow CertSimple. Helping companies prove their identity online in a non-awful way is a great business that helps everyone involved. EV certificates shouldn't be reserved for big technology companies but rather anyone who wants to prove their identity online.

If you're interested in making that happen - or have any other thoughts - email our founder on mike@certsimple.com. Thanks!

Mike MacCana, founder at CertSimple.
