Free SSL Certificate for Your Website
Are you looking for free SSL Certificates? Who wouldn’t want to get something that some people pay around $1,500 for, for free? Well, thanks to free Certificate Authorities and some other useful tips, you can get some free SSL Certificates and spend your money on something else. Sound too good to be true? It may be. There are many disadvantages to using a free Certificate Authority:
- Certificates issued by a free Certificate Authority are usually not automatically trusted in all browsers. The web browser will display a scary warning message telling your visitors that the certificate is not trusted. Visitors must import the Root Certificate manually before they can access your site.
- One of the purposes in getting an SSL Certificate is to assure your visitors that you have been verified by a trusted third-party. Most visitors won’t recognize the names of free Certificate Authorities so they will receive less assurance that they are talking to the right person. Free SSL Certificates should definitely not be used on e-commerce or financial web sites.
- Free Certificate Authorities can be less reliable and possibly slower. Because of their economic model, they have fewer resources to keep their servers fast (small CRLs), or quickly complete validation.
Let’s discuss each free Certificate Authority and then discuss some methods of getting free SSL Certificates without using a free Certificate Authority.
Let’s Encrypt Free Certificate Authority
Let’s Encrypt is a free Certificate Authority Run by the Internet Security Research Group. Let’s Encrypt is unique in providing automated certificates because they only issue domain-validated certificates. You can set up your server to automatically renew the certificate before it expires so you don’t have to deal with manually renewing, verifying and installing the certificate.
Let’s Encrypt Disadvantages
- All certificates are only valid for 3 months
- No OV or EV certificates are issued (only DV)
- The automated issuance process can take some time to set up
Learn more on the Let’s Encrypt website.
CAcert Free Certificate Authority
CAcert is the first completely free Certificate Authority. Their model is completely different from all other Certificate Authorities, even StartCom where you pay for the validations instead of the certificates. With CAcert your identity is verified by a CAcert Assurer volunteer who meets with you and reviews your government issued identity documents face-to-face. The Assurer may charge a small fee to make up for their time but some do not charge at all. They have several different types of products including:
- Client Certificates. Expire in 6 months. Must verify that you own the email address.
- Assured Client Certificates. Expire in 24 months. Must verify that you own the email address and be verified by an Assurer.
- Code Signing Certificates. Expire in 12 months. Must be verified by an Assurer.
- Server Certificates. Expire in 6 months. Must verify domain ownership.
- Assured Server Certificates. Expire in 24 months. Must verify domain ownership and be verified by an Assurer.
- CAcert Certificates aren’t currently trusted in any major browsers. It is currently only included in a few open source operating systems.
- You must complete a face-to-face validation for a certificate that lasts more than 6 months.
- No EV SSL Certificates are offered.