SSLs.com always strives to be on the cutting edge of Web security. We believe that modern trends toward more universal encryption of Internet traffic is a positive factor for all users and leads to increased safety and development.
You may have heard about a recent initiative to introduce free SSL certificates, and while this may seem like a very attractive offer on the surface, there are, in reality, several considerable drawbacks to these free SSLs which we’d like you to be aware of. Let’s compare together.
Though free SSLs provide the same level of encryption to the transmitted data and are able to protect you from MITM attack, there is an essential security element missing in free certificates: business validation.
To a customer shopping in an online store, the question of trust is important, and business validation ensures that they are dealing with a real, legally operating company. Additionally, it verifies that there is a real place you as a customer can turn to in case of fraudulent behavior of the company. Large companies for which trustworthiness is essential to their business often go even further and choose Extended Validation certs (identified by the “green bar” feature) to gain their clients’ trust from the moment their site loads. Currently, certs from all trusted Certificate Authorities (CAs) provide business validation.
Conversely, free SSL providers offer only basic domain validation certs. And, unlike trusted CAs, these vendors do not offer validation checks, thus providing no warranty if you become a victim of credit card fraud while shopping on that site.
In a similar situation, if you’ve had a paid SSL installed, you would be able to report the issue to the Certificate Issuer and receive a compensation for your losses. Moreover, SSLs.com works closely with the Certificate Authority: if the CA locates any suspicious behaviour on the website which results in them revoking the SSL cert, we are sure to perform similar restrictive action from our side as well.
Free SSLs differ from certificates provided by trusted CAs in a variety of ways. First, there is duration of validity. While you can order a paid cert that’s valid for one, two, or three years, free certs can often expire after just 90 days, requiring you to constantly monitor the certificate’s expiration date to stay current with renewal, potentially taking time away from other important aspects of running your site.
In the situations where you need to secure multiple subdomains, Wildcard certificates can be helpful. With paid SSLs, you can activate the whole Wildcard cert once (for *.example.com common name) and all the subdomains you have or will create later (which can replace *) are automatically included in the cert, as long as you install the same files on your servers.
With free certs, though, most likely they can only be single- or multi-domain (MDC). MDC can be a solution for your subdomains, however, including every subdomain to the SSL separately can be time-consuming.
One more important thing to know is that you may need to have root access to your server in order to install some free SSLs. There is also a chance that these scripts will overwrite your setup configuration, so it’s important to have deep technical knowledge to make everything work properly. It probably goes without saying at this point that will not have this kind of hassle with paid certs; they are supported by most of the popular servers.
So as you can see, the nature of free SSLs makes them not the easiest service to implement. Normally, when you have trouble with activation or installation of a paid SSL, you know that you can find help. At SSLs.com we are ready to help you and walk through the process of SSL setup, and we’re online 24/7 so you can contact us any time.
Unfortunately, when it comes to the same kind of guidance or assistance with free SSLs, there is seldom a person you can call for help. Free SSL vendors rarely provide customer support, or it is quite limited.
To summarize the pros and cons: if you are confident in your technical knowledge and ability to set up all the necessary software to secure your non-commercial blog, portfolio or personal website, a free SSL can definitely be a good solution.
However, if you are running a starting company which does not need the whole server or vice versa, your enterprise is already too developed to be served effectively by a free DV cert, then the best solution for you is an SSL from a trusted provider.