Free SSL Certificates - Are They Enough?
Some organizations often do not have sufficient financial resources to afford a premium SSL certificate.
Fortunately, companies like Let’s Encrypt, CloudFlare, SmartSSL, and Amazon offer free SSL certificates.
These service providers’ certificates give website administrators the most basic security features and
access to HTTPS. The purpose of offering free SSL started as an initiative aimed at encouraging websites
to switch to the secure HTTPS protocol. This initiative received the support of search engines including
Google and Bing, popular browsers Mozilla and Google Chrome, social network Facebook and many others.
Let’s Encrypt are one of the most popular providers of these free certificates They’re an open source project
with the goal of creating a 100% encrypted Web. This certificate authority (CA) has rocked the CA industry
in recent years by offering free Domain Validation (DV) SSL certificates to any qualifying site. The
benefits are threefold for their users: a site is secured, visitors have peace of mind, and site administrators
have to spend a dollar. It’s an understandably tempting proposition.
Readers who've set up an SSL certificate before will know that the process could stand to be simpler. On
launching, one of Let’s Encrypt’s major goals was to simplify the process of obtaining and installing
an SSL certificate. To that end, they’ve been a great success. Their accessibility has made them incredibly
popular. The certificates are quick to set up, they’re convenient, and they’re appealing to bloggers
and other web users who typically don’t process payments online. They not only save you a lot of hassle,
but it also means you won’t have to pay for yearly renewals.
Here’s a breakdown of the most beneficial features free services such as Let’s Encrypt offers:
Heightened security - Any SSL certificate allows you to use the HTTPS protocol throughout
Less hassle - Adding and renewing certificates can be a bit of a process, but Let’s
Encrypt keeps things simple.
SEO advantages - Search engines such as Google are strongly encouraging website owners
to use the HTTPS protocol on their sites. In practice, this may translate to better SEO results.
At this point, using a free SSL CA might sound like the perfect option. While there are clear benefits to
using free SSL services such as Let's Encrypt, that doesn’t mean you shouldn’t consider other options.
Types of Free SSL Certificates
All free SSL certificates are Domain Validation certificates.
Domain Validation (DV SSL) certificates provide the lowest level of certification available. To issue a DV
certificate, the issuing authority will only verify the owner of the domain name. This is usually done
by email, but it’s possible by telephone or alternative methods. After validaton, the certificate is
issued and users can be certain that data is sent securely and that the domain is authentic. In fact,
often the process is entirely automated, which account for why they are so much cheaper than EV SSL certificates
for example which requires a degree of human work to issue the certificate.
While domain validation certificate verify the consent of a domain owner, they don’t make any effort to verify
who the domain owner is. Since, the real identity of the website owner is not validated, it’s not mentioned
on the certificate. Due to the manner the domain is validated, this certificate is open to man in the
middle and phishing attacks. For this reason, major players in SSL don’t supply domain validation certificates.