Free SSL Certificates from a Free Certificate Authority

Use a Free Certificate Authority to get Free SSL CertificatesAre you looking for free SSL Certificates? Who wouldn’t want to get something that some people pay around $1,500 for, for free? Well, thanks to free Certificate Authorities and some other useful tips, you can get some free SSL Certificates and spend your money on something else. Sound too good to be true? It may be. There are many disadvantages to using a free Certificate Authority:

  • Certificates issued by a free Certificate Authority are usually not automatically trusted in all browsers. The web browser will display a scary warning message telling your visitors that the certificate is not trusted. Visitors must import the Root Certificate manually before they can access your site.
  • One of the purposes in getting an SSL Certificate is to assure your visitors that you have been verified by a trusted third-party. Most visitors won’t recognize the names of free Certificate Authorities so they will receive less assurance that they are talking to the right person. Free SSL Certificates should definitely not be used on e-commerce or financial web sites.
  • Free Certificate Authorities can be less reliable and possibly slower. Because of their economic model, they have fewer resources to keep their servers fast (small CRLs), or quickly complete validation.

Let’s discuss each free Certificate Authority and then discuss some methods of getting free SSL Certificates without using a free Certificate Authority.

StartCom Free Certificate Authority

StartCom is a free Certificate Authority with a very different business model than typical Certificate Authorities. Essentially, you pay for validations, not certificates. Once your company has been validated, you can get as many certificates as you need. So the certificates are free but you can’t get certificates until you pay to be validated (unless you just get domain validated certificates). There are three types of certificates that you can get:

  • Class 1. These are the free SSL Certificates. They are automatically issued because they are domain-validated and will secure just one domain name or email address (for SMIME certificates).
  • Class 2. These kinds of certificates require identity validation ($29.90 each) before you can get them. Once your identity has been validated, you can get as many certificates as you need for different domains and you can even get wildcard certificates. This also includes organization validated certificates which you can pay an additional $29.90 for to display your company name in the certificate instead of your personal name.
  • Extended Validation. Extended Validation Certificates cost $199.90 for the validation (plus the $29.90 if you haven’t paid the Class 2 validation fee) and each EV Certificate costs $24.90.

StartCom Disadvantages

  • All certificates are only valid for one year.
  • The green-bar for EV SSL Certificates doesn’t currently work.

StartCom Certificates are currently trusted by Mozilla browsers, Safari, Flock and newer versions of Internet Explorer. If you have used StartCom, be sure to post a StartCom Certificate Authority Review. Learn more on the StartCom SSL website.

CAcert Free Certificate Authority

CAcert is the first completely free Certificate Authority. Their model is completely different from all other Certificate Authorities, even StartCom where you pay for the validations instead of the certificates. With CAcert your identity is verified by a CAcert Assurer volunteer who meets with you and reviews your government issued identity documents face-to-face. The Assurer may charge a small fee to make up for their time but some do not charge at all. They have several different types of products including:

  • Client Certificates. Expire in 6 months. Must verify that you own the email address.
  • Assured Client Certificates. Expire in 24 months. Must verify that you own the email address and be verified by an Assurer.
  • Code Signing Certificates. Expire in 12 months. Must be verified by an Assurer.
  • Server Certificates. Expire in 6 months. Must verify domain ownership.
  • Assured Server Certificates. Expire in 24 months. Must verify domain ownership and be verified by an Assurer.

CAcert Disadvantages

  • CAcert Certificates aren’t currently trusted in any major browsers. It is currently only included in a few open source operating systems.
  • You must complete a face-to-face validation for a certificate that lasts more than 6 months.
  • No EV SSL Certificates are offered.

Other ways to get Free SSL Certificates

Get a Free Certificate for your Open Source Project

      GoDaddy SSL Certificates are already among the cheapest certificates available but if you have an Open Source project and need an SSL Certificate for it, Godaddy will give you a free certificate (valid for a year). GlobalSign also offers free wildcard certificates for Open Source projects (for as long as the project is active).

Free SSL Trial Certificates

Free Trial SSL Certificates are normally, full-blown SSL Certificates but they only work for a few days or a few weeks. A few Certificate Authorities even offer them for up to three months. If you’re interested, check out our comparison of free Trial SSL Certificates.

Become your own Certificate Authority

You can become your own free Certificate Authority and make your own SSL Certificates with a few simple commands. These certificates are called self-signed certificates. Unfortunately, the certificates will suffer from many of the same problems that certificates from free Certificate Authorities do. Specifically, they won’t be trusted in any web browsers and will throw a big error message unless you tell each web browser to trust them. This doesn’t work for most companies but it still enables encryption for the visitors who know how to tell the browser to accept the self-signed certificate.

Most sites should compare SSL certificate features and buy from a trusted certificate authority to capitalize on browser compatibility and the high assurance of commercial providers. Still, there are many places where free SSL Certificates will work just fine and you can use the information in this article to find the right free Certificate Authority for your needs.

 Digg  Reddit

Posted on March 16, 2009
Showing comments 1 to 20 of 27 | Next | Last
Posts: 26
StartSSL PO BOX double standards
Reply #27 on : Wed July 02, 2014, 14:01:55
A little funny that StartSSL demands its users use something other than a PO BOX because "it is not a real address", while they themselves use a PO BOX for their own registration. Nevermind that in the U.S. registration of a USPS PO BOX requires two forms of ID.
Posts: 26
Reply #26 on : Sun May 11, 2014, 22:51:57
StartSSL is a good deal if you are a webmaster and need to set up SSL certs for a large number of domains of your clients. In this case you are verifying your identity as a hosting business and providing the certificates for clients where you are 100% liable for any breakins on your server. You cannot use these Certs as the basis for those clients to host individual merchant accounts for e-commerce - that would be fraud, since you would be holding yourself out as a different identity while taking money. However if you have a hosted payment solution like PayPal's Web payments, it's fine.
Posts: 26
If you pay peanuts you get monkeys
Reply #25 on : Thu April 10, 2014, 18:26:22
Lot's of problems with free certificates. Play it safe. Buy one. Even a cheap one. You will get service plus a warranty. You will be informed of attacks, etc. Taking risks with security ... is it safe?
Posts: 26
@Reply 20
Reply #24 on : Sun December 22, 2013, 03:37:18
CA Cert Signing Authority
Annoyed consumer
Posts: 26
Beware StartSSL
Reply #23 on : Sun October 06, 2013, 05:54:51
These certificates are issued out of Israel so if you dont mind the certificate suddenly being invalidated because they suspect you may be operating commercially (truth doesnt matter with this lot) and you want your transactions diretly linked to the spies at the NSA go ahead.

The best value by far is the $1.99 certificate offered by Namecheap for purchase of any domain (just buy a cheap domain)
Posts: 26
Re: Free SSL Certificates from a Free Certificate Authority
Reply #22 on : Sun March 17, 2013, 04:34:53
Here is a step by step tutorial to get a free SSL certificate with StartCom:
Posts: 26
Reply #21 on : Sun March 17, 2013, 04:26:11

Thanks for the benchmark.

I have written a step-by-step walkthrough to get a free SSL certificate from StartSSL/StartCom which can help to go further.

In my view, StartCom bad point is their website. Has someone has some feedback of CACert? How is it with CACert?
Tom Cruse
Posts: 26
Start.Com Alternative
Reply #20 on : Thu March 07, 2013, 03:45:06
Does anyone know of a Free alternative ?

Seems it don't work for me anymore :-(
Posts: 26
StartSSL was good...not any more
Reply #19 on : Sat March 02, 2013, 13:52:28
Well... been using StartSSL for sometime now. Have it setup for a number of non-profits that simply are using it for their Webmail servers... not for the whole site.

Today, we had one rejected because "it is a commercial site"... when asked for clarification it ends up they see a donation page on the website (not the one that the cert is for) and say we need to use a Class 2 cert instead of the free Class 1. At $59 for 2 years PLUS the $59 per year to validate the identity. that is much more than Godaddy's $24.95 per year. Am looking at NameCheap which has a $9 per year simple SSL.

It is stupid you can't get a simple class 1 cert for free as it is a scam in my opinion. Just need something that allows simple encryption between the client and the mail server for privace purposes, NOT merchant services.
Posts: 26
Reply #18 on : Sun July 08, 2012, 20:40:46
Don't bother with them. I installed a free certificate but it isnt recognised by Firefox so may as well have self-certified.
JL Griffin
Posts: 26
Reply #17 on : Tue July 03, 2012, 22:12:05
This is great i run a very small host company and my server administration software requires https. many clients were afraid because browsers told them it wasnt safe, so these resources have been a life saver!
Posts: 26
StartSSL - no longer renewing us
Reply #16 on : Thu May 24, 2012, 07:06:33
They have told me that we cannot renew our free cert due to the fact that we are a commercial / using it for transactions. But we are not a proper company its a hobby site / company and its only used for a secure image that sits on paypal.

They said the following:

"But Class 1 certificates are not meant to be used for commercial activities or financial transactions according to our policy:
Class 1 certificates are limited to client and server types, whereas the later is
restricted in its usage for non-commercial purpose only. Subscribers should upgrade
to Class 2 or higher level for any domain and site of commercial nature, when using
high-profile brands and names or if involved in obtaining or relying sensitive
information such as health records, financial details, personal information etc."

Not the end of the world but a little miss-leading with the term FREE their free page.

I suspect its a move to get free clients to move to the Class 2 product.

Thanks StartSSL for 2 free years but its time to leave now :(
Posts: 26
sometimes free is the most expensive
Reply #15 on : Sun September 25, 2011, 14:13:23
startcom issued then revoked a certificate because they claimed my information was incorrect or couldn't be verified (it was accurate) - then they banned my IP entirely. would have rather just paid for a godaddy cert and been done with it.
Posts: 26
not free
Reply #14 on : Wed June 22, 2011, 17:54:22
Cannot see that they have free SSL trial, except maybe for .edu. Startcom is as of 16.06.11 not available until further no freebie SSL recognized by browsers appears to exist at the moment beyond 30-45 day one-time trials...
Posts: 26
Re: Wildcards with Startcom
Reply #13 on : Tue March 15, 2011, 16:12:53
maybe thats the fact why it's free :) Wildcard only allowed for payed account. Only one question: is the fee per cert or per year?

Thank you
Posts: 26
Wildcards with startssl
Reply #12 on : Thu March 03, 2011, 08:31:00
Steffen: You can get Wildcards from Startcom, just use * at the host name. I have 3 or 4 from them (although I am Class 2 Validated)
Posts: 1
Re: Do the certificate charges depend on validity period?
Reply #11 on : Wed February 23, 2011, 00:17:33
Yes, Rakshesh, you will have to pay more for a longer validity period. I am not aware of any CA that issues certificates with a 10 year validity period though. 5 is about the longest that most CAs offer.
Posts: 26
Do the certificate charges depend on validity period?
Reply #10 on : Tue February 22, 2011, 22:42:20
For certificates that are not free, do the charges depend upon the validity period? For example, if I want a validity period of say 20 years, will I need to pay more as compared to a 10 years validity period?
Posts: 26
Startcom Cert
Reply #9 on : Fri February 18, 2011, 15:42:06
I use free startcom certs since 1 year for my private mail server and sharepoint & blog site. AND i'm happy with this. As Bonus mail certs are free to.

only two thing gets a minus - you cant get a san cert for free ;o) only one xx level and the firstlevel domain is included in one free cert: eg: &
or &
no wildcard allowed
Posts: 26
True, true
Reply #8 on : Wed October 20, 2010, 03:59:47
And the sad thing is that criminals are the ones who can afford the certs because they got so much money with scams ;)
Showing comments 1 to 20 of 27 | Next | Last

Write a comment

If you have trouble reading the code, click on the code itself to generate a new random code.
Security Code:
Post Comment