SSL Certificates: Free Can Be Costly

If you operate a web site that exchanges personal information with its users, such as an e-Commerce site, you probably know that you should be using the Secure Sockets Layer (SSL). SSL enables a secure, encrypted connection between your web server and the user’s browser. This requires that you obtain an SSL Certificate.

But there are a lot of SSL Certificate providers with a variety of choices. Certificate providers charge varying prices per year for different products. If you have multiple web sites the costs can add up.

However, there are free Certificates available. They provide a secure, encrypted connection just like other SSL Certificates. So, why should you pay when you can use a free certificate?

Good question!

All things being equal, free is my favorite price range!

It’s very tempting to choose the free “self-signed” Certificates and it might well be all you need. On the other hand, we all know about what happens when you are penny wise!

When a user connects to an SSL site, a message is sent with the certificate information required to set up the secured connection. It must include the name of the certificate “signer”, which is either:

  • the creator of the certificate (self-signed) or
  • a third party called a Certificate Authority.

A Certificate Authority provides assurances that the site the user thinks they are connecting to is in fact that site. There are scams where hackers trick users into thinking they are connected to one site when they are actually communicating with another. Users may provide personal and financial information to criminals engaged in fraud. Self-signed certificates leave your users vulnerable to these predators.

Because of this, most browsers will display a warning message that the site may be insecure. The user can bypass the message, but it does not leave the user with a warm and fuzzy feeling about the site. And the message is correct. If your web site has been hacked by a scammer, your users are in peril if they proceed.
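The following is an added example, not part of the original article: a shell check, using the `openssl` command-line tool, that reports whether a certificate names itself as its signer (self-signed) or was signed by another party. The host names, file names and throwaway lab CA are constructed for the demo.

```shell
#!/bin/sh
# Added example. All names below are constructed sample values.

# Print "self-signed", "ca-issued" or "unreadable" for the PEM certificate in $1.
cert_signer_type() {
    cert=$1
    openssl x509 -in "$cert" -noout >/dev/null 2>&1 || { echo unreadable; return 1; }
    subject=$(openssl x509 -in "$cert" -noout -subject -nameopt RFC2253 | sed 's/^subject= *//')
    issuer=$(openssl x509 -in "$cert" -noout -issuer -nameopt RFC2253 | sed 's/^issuer= *//')
    # Self-signed: the signer name equals the certificate's own name AND the
    # signature verifies against the certificate's own public key.
    if [ "$subject" = "$issuer" ] &&
       openssl verify -CAfile "$cert" "$cert" >/dev/null 2>&1; then
        echo self-signed
    else
        echo ca-issued
    fi
}

# Build constructed sample certificates in directory $1:
#   selfsigned.pem  signed by its own key
#   leaf.pem        signed by a throwaway lab CA (ca.pem)
make_sample_certs() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=intranet.example.test" \
        -keyout "$d/selfsigned.key" -out "$d/selfsigned.pem" 2>/dev/null
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Constructed Lab CA" \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null
    openssl req -new -newkey rsa:2048 -nodes \
        -subj "/CN=shop.example.test" \
        -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null
    openssl x509 -req -in "$d/leaf.csr" -days 1 \
        -CA "$d/ca.pem" -CAkey "$d/ca.key" -CAcreateserial \
        -out "$d/leaf.pem" 2>/dev/null
}

demo_dir=$(mktemp -d)
make_sample_certs "$demo_dir"
for name in selfsigned leaf; do
    printf '%s.pem: %s\n' "$name" "$(cert_signer_type "$demo_dir/$name.pem")"
done
rm -rf "$demo_dir"
```

Running `cert_signer_type` against the certificate file configured on a customer-facing server shows which of the two signer types users' browsers will be presented with.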

So, when should you use self-signed certificates?

I would only use them on internal web sites, such as intranet sites. For example, if you have labs that are testing sites that require SSL, you can save some money by using self-signed certificates.

I would never use a self-signed certificate on the internet, “customer facing” as we say. The risk is just not worth it and you risk alienating your users. If you are a commercial site servicing customers, that free certificate could end up being very expensive.

Compare the SSL certificates offered by the Certificate Authorities to find the one that is most appropriate for your site, and choose carefully. The costs and features vary widely, and you need to consider your needs. If you have multiple domains and sub sites, there are certificates that will help you reduce costs. Depending on how secure you need your site to be, certificates offer different levels of assurance.