What’s the Difference? – Free SSL vs Paid SSL Certificate
Is a Free SSL Certificate Better Than a Paid One? Let’s Talk About It
These are all good questions, and there aren’t necessarily easy answers to them, because the decision between free SSL and paid SSL comes down to several factors, the most important being the tech savviness of you or your IT staff.
An SSL certificate is an SSL certificate
Before we go any further, let’s address something that most commercial Certificate Authorities and SSL services don’t like to put on front street. From an encryption standpoint, every SSL certificate does exactly the same thing. You do not get stronger encryption from paid SSL certificates than you do from free SSL certificates, and vice versa. Encryption strength is actually more a matter of browser/system configuration on the client side and server configuration on the site side. So, whether you install a $1,000 SSL certificate or a free one, your website and its visitors will enjoy the exact same protection.
So why wouldn’t I choose a free SSL certificate?
Well, for many technically savvy users free SSL is the right choice. If you know you’re going to have no problem installing and managing the certificates, then free SSL is great. But there are also some parties that should not be using free SSL:
- Non-tech savvy site owners
- E-commerce websites
- Government websites
- Enterprise Companies
What do paid SSL certificates do that free ones don’t?
While the encryption strength you’re getting is standard across all certificates, there are some substantial differences in other areas.
For starters, a free SSL certificate only authenticates the domain it’s issued for. When you see the https:// in the address bar (which is going away in Google Chrome 69), you know for sure that you are at that domain (and it’s not a Unicode domain or something phishy). But that’s it. You don’t know who is running that website, whether they are a real business—anything.
Paid SSL certificates have higher levels of validation available that can provide your users with verified details, not just about the domain they’re on but about the company or organization behind it. This is sometimes called business authentication and it is only available from commercial CAs. After all, validating a company or organization takes time and resources the free CAs just don’t have.
Speaking of resources, free CAs typically lack a support apparatus. When you pay for an SSL certificate, part of what’s baked into the price is the support that is available should you need anything. SSL/TLS has a lot of moving parts, which means there are a lot of chances for something to happen where you may be out of your depth. If anything ever breaks with free SSL you basically have to crowdsource your support by sifting through old blogs or posting questions on forums. Paid SSL certificates come with 24/7 support. That’s a big factor for a lot of people.
And then there’s this, something many people don’t like to talk about: you have to put faith in your free CA that it will continue to be around. While AWS and cPanel aren’t likely to go anywhere anytime soon, Let’s Encrypt relies entirely on the generosity of others. Not a day goes by where it’s not panhandling on Twitter.
“Please, sir. The only way we can encrypt the internet for free is if you give us some of your money.”
You’d really be up a creek if that well ran dry and suddenly you had an entire portfolio of certificates that couldn’t be renewed.
Why shouldn’t enterprises use free SSL?
Actually, they should. Just not from a free CA. Enterprises have massive infrastructures that can require thousands of certificates. Obviously, buying commercial certificates for all those endpoints would be cost prohibitive. That’s where enterprises need to consider a managed PKI solution, in which they work with a CA to create their own root certificate. That root is then installed in the root store of all of the enterprise’s endpoints so that it can issue trusted certificates for any internal networks or intranets it has.
Externally, it’s usually better to use paid certificates on account of the business authentication they provide. Customers like the assurance of knowing who is behind the websites they’re on, and SSL is one way to provide that information.
| SSL Product | SSL Type | Price/Year | Retail Cost |
|---|---|---|---|
| Positive SSL | DV SSL | $7.27/yr | $196.00/yr |
| SSL Web Server | OV SSL | $86.50/yr | $345.00/yr |
| PositiveSSL EV | EV SSL | $74.99/yr | $596.00/yr |
| Positive SSL Wildcard | DV SSL | $72.31/yr | $996.00/yr |
| Positive Multi-Domain SSL | DV SSL | $19.49/yr | $660.00/yr |
| Positive SSL Multi-Domain Wildcard | DV SSL | $161.69/yr | $1596.00/yr |
| TBID EV Multi-Domain | EV SSL | $323.50/yr | $873.00/yr |
So what is it? Free SSL or Paid SSL?
As we’ve said, it depends on you, your situation and whether you are tech savvy enough to manage free SSL. Because here’s the other advantage paid certificates have over free ones: paid ones last longer. You can get a paid SSL certificate issued for as long as two years. Max validity for most free SSL is three months. Once again, this is no problem for some in the tech community, but it represents a major inconvenience for others.
The choice is yours; we just want you to have all the facts.
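The two practical differences described above, what a certificate vouches for (domain only versus the organization behind it) and how long it lasts, can be read straight off the certificate. The following is an added example, not code from the original article: it inspects dictionaries in the shape Python's `ssl.SSLSocket.getpeercert()` returns, using constructed sample certificates. Classifying by subject fields is a heuristic assumed here (the authoritative signal is the certificate policy OID, which `getpeercert()` does not expose), and the function names and the one-third renewal threshold are illustrative choices.

```python
import ssl
from datetime import datetime, timezone

# Constructed samples in the shape returned by ssl.SSLSocket.getpeercert().
DV_CERT = {  # domain-validated, 90-day lifetime (typical of free CAs)
    "subject": ((("commonName", "shop.example"),),),
    "notBefore": "Jan  1 00:00:00 2024 GMT",
    "notAfter": "Mar 31 00:00:00 2024 GMT",
}
OV_CERT = {  # organization-validated, two-year lifetime
    "subject": ((("countryName", "US"),),
                (("organizationName", "Example Corp"),),
                (("commonName", "www.example.com"),)),
    "notBefore": "Jan  1 00:00:00 2024 GMT",
    "notAfter": "Dec 31 00:00:00 2025 GMT",
}

# Subject attributes that only extended-validation certificates carry.
EV_MARKERS = {"businessCategory", "jurisdictionCountryName"}

def subject_fields(cert):
    """Flatten the nested RDN tuples of the subject into a plain dict."""
    return {key: value for rdn in cert.get("subject", ()) for key, value in rdn}

def validation_level(cert):
    """Heuristic: no organization in the subject means domain validation only."""
    fields = subject_fields(cert)
    if "organizationName" not in fields:
        return "DV"
    return "EV" if EV_MARKERS & fields.keys() else "OV"

def lifetime_days(cert):
    """Total validity period of the certificate in whole days."""
    start = ssl.cert_time_to_seconds(cert["notBefore"])
    end = ssl.cert_time_to_seconds(cert["notAfter"])
    return (end - start) // 86400

def days_left(cert, now):
    """Whole days until expiry, measured from a timezone-aware datetime."""
    return int((ssl.cert_time_to_seconds(cert["notAfter"]) - now.timestamp()) // 86400)

def needs_renewal(cert, now, fraction=1 / 3):
    """Flag the certificate once less than `fraction` of its lifetime remains."""
    return days_left(cert, now) < lifetime_days(cert) * fraction

if __name__ == "__main__":
    now = datetime(2024, 3, 11, tzinfo=timezone.utc)  # fixed date for a repeatable run
    for name, cert in (("DV", DV_CERT), ("OV", OV_CERT)):
        print(name, validation_level(cert), lifetime_days(cert),
              days_left(cert, now), needs_renewal(cert, now))
```

Against a live site the same functions accept the dictionary returned by `getpeercert()` on a connected, verified TLS socket.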