- The Most Common Java Keytool Keystore Commands
- How to Create a Self Signed Certificate using Java Keytool
- SSL Host Headers in IIS 7
- Free SSL Certificates from a Free Certificate Authority
- How to Create a Self Signed Certificate in IIS 7
Free SSL Certificates from a Free Certificate Authority
Are you looking for free SSL Certificates? Who wouldn’t want to get something that some people pay around $1,500 for, for free? Well, thanks to free Certificate Authorities and some other useful tips, you can get some free SSL Certificates and spend your money on something else. Sound too good to be true? It may be. There are many disadvantages to using a free Certificate Authority:
- Certificates issued by a free Certificate Authority are usually not automatically trusted in all browsers. The web browser will display a scary warning message telling your visitors that the certificate is not trusted. Visitors must import the Root Certificate manually before they can access your site.
- One of the purposes in getting an SSL Certificate is to assure your visitors that you have been verified by a trusted third-party. Most visitors won’t recognize the names of free Certificate Authorities so they will receive less assurance that they are talking to the right person. Free SSL Certificates should definitely not be used on e-commerce or financial web sites.
- Free Certificate Authorities can be less reliable and possibly slower. Because of their economic model, they have fewer resources to keep their servers fast (small CRLs), or quickly complete validation.
Let’s discuss each free Certificate Authority and then discuss some methods of getting free SSL Certificates without using a free Certificate Authority.
StartCom Free Certificate Authority
StartCom is a free Certificate Authority with a very different business model than typical Certificate Authorities. Essentially, you pay for validations, not certificates. Once your company has been validated, you can get as many certificates as you need. So the certificates are free but you can’t get certificates until you pay to be validated (unless you just get domain validated certificates). There are three types of certificates that you can get:
- Class 1. These are the free SSL Certificates. They are automatically issued because they are domain-validated and will secure just one domain name or email address (for SMIME certificates).
- Class 2. These kinds of certificates require identity validation ($29.90 each) before you can get them. Once your identity has been validated, you can get as many certificates as you need for different domains and you can even get wildcard certificates. This also includes organization validated certificates which you can pay an additional $29.90 for to display your company name in the certificate instead of your personal name.
- Extended Validation. Extended Validation Certificates cost $199.90 for the validation (plus the $29.90 if you haven’t paid the Class 2 validation fee) and each EV Certificate costs $24.90.
- All certificates are only valid for one year.
- The green-bar for EV SSL Certificates doesn’t currently work.
StartCom Certificates are currently trusted by Mozilla browsers, Safari, Flock and newer versions of Internet Explorer. If you have used StartCom, be sure to post a StartCom Certificate Authority Review. Learn more on the StartCom SSL website.
CAcert Free Certificate Authority
CAcert is the first completely free Certificate Authority. Their model is completely different from all other Certificate Authorities, even StartCom where you pay for the validations instead of the certificates. With CAcert your identity is verified by a CAcert Assurer volunteer who meets with you and reviews your government issued identity documents face-to-face. The Assurer may charge a small fee to make up for their time but some do not charge at all. They have several different types of products including:
- Client Certificates. Expire in 6 months. Must verify that you own the email address.
- Assured Client Certificates. Expire in 24 months. Must verify that you own the email address and be verified by an Assurer.
- Code Signing Certificates. Expire in 12 months. Must be verified by an Assurer.
- Server Certificates. Expire in 6 months. Must verify domain ownership.
- Assured Server Certificates. Expire in 24 months. Must verify domain ownership and be verified by an Assurer.
- CAcert Certificates aren’t currently trusted in any major browsers. It is currently only included in a few open source operating systems.
- You must complete a face-to-face validation for a certificate that lasts more than 6 months.
- No EV SSL Certificates are offered.
Other ways to get Free SSL Certificates
Get a Free GoDaddy Certificate for your Open Source Project
Free SSL Trial Certificates
Free Trial SSL Certificates are normally, full-blown SSL Certificates but they only work for a few days or a few weeks. A few Certificate Authorities even offer them for up to three months. If you’re interested, check out our comparison of free Trial SSL Certificates.
Become your own Certificate Authority
You can become your own free Certificate Authority and make your own SSL Certificates with a few simple commands. These certificates are called self-signed certificates. Unfortunately, the certificates will suffer from many of the same problems that certificates from free Certificate Authorities do. Specifically, they won’t be trusted in any web browsers and will throw a big error message unless you tell each web browser to trust them. This doesn’t work for most companies but it still enables encryption for the visitors who know how to tell the browser to accept the self-signed certificate.
Sniff unsecured connections and use a stolen credit card number to buy an SSL Certificate
While this method will get you a free SSL Certificate, it may also get you some free jail time. We recommend using one of the other methods listed above instead.
Most sites should compare SSL certificate features and buy from a trusted certificate authority to capitalize on browser compatibility and the high assurance of commercial providers. Still, there are many places where free SSL Certificates will work just fine and you can use the information in this article to find the right free Certificate Authority for your needs.