Free SSL Certificates from a Free Certificate Authority

Use a Free Certificate Authority to get Free SSL CertificatesAre you looking for free SSL Certificates? Who wouldn’t want to get something that some people pay around $1,500 for, for free? Well, thanks to free Certificate Authorities and some other useful tips, you can get some free SSL Certificates and spend your money on something else. Sound too good to be true? It may be. There are many disadvantages to using a free Certificate Authority:

  • Certificates issued by a free Certificate Authority are usually not automatically trusted in all browsers. The web browser will display a scary warning message telling your visitors that the certificate is not trusted. Visitors must import the Root Certificate manually before they can access your site.
  • One of the purposes in getting an SSL Certificate is to assure your visitors that you have been verified by a trusted third-party. Most visitors won’t recognize the names of free Certificate Authorities so they will receive less assurance that they are talking to the right person. Free SSL Certificates should definitely not be used on e-commerce or financial web sites.
  • Free Certificate Authorities can be less reliable and possibly slower. Because of their economic model, they have fewer resources to keep their servers fast (small CRLs), or quickly complete validation.

Let’s discuss each free Certificate Authority and then discuss some methods of getting free SSL Certificates without using a free Certificate Authority.

StartCom Free Certificate Authority

StartCom is a free Certificate Authority with a very different business model than typical Certificate Authorities. Essentially, you pay for validations, not certificates. Once your company has been validated, you can get as many certificates as you need. So the certificates are free but you can’t get certificates until you pay to be validated (unless you just get domain validated certificates). There are three types of certificates that you can get:

  • Class 1. These are the free SSL Certificates. They are automatically issued because they are domain-validated and will secure just one domain name or email address (for SMIME certificates).
  • Class 2. These kinds of certificates require identity validation ($29.90 each) before you can get them. Once your identity has been validated, you can get as many certificates as you need for different domains and you can even get wildcard certificates. This also includes organization validated certificates which you can pay an additional $29.90 for to display your company name in the certificate instead of your personal name.
  • Extended Validation. Extended Validation Certificates cost $199.90 for the validation (plus the $29.90 if you haven’t paid the Class 2 validation fee) and each EV Certificate costs $24.90.

StartCom Disadvantages

  • All certificates are only valid for one year.
  • The green-bar for EV SSL Certificates doesn’t currently work.

StartCom Certificates are currently trusted by Mozilla browsers, Safari, Flock and newer versions of Internet Explorer. If you have used StartCom, be sure to post a StartCom Certificate Authority Review. Learn more on the StartCom SSL website.

CAcert Free Certificate Authority

CAcert is the first completely free Certificate Authority. Their model is completely different from all other Certificate Authorities, even StartCom where you pay for the validations instead of the certificates. With CAcert your identity is verified by a CAcert Assurer volunteer who meets with you and reviews your government issued identity documents face-to-face. The Assurer may charge a small fee to make up for their time but some do not charge at all. They have several different types of products including:

  • Client Certificates. Expire in 6 months. Must verify that you own the email address.
  • Assured Client Certificates. Expire in 24 months. Must verify that you own the email address and be verified by an Assurer.
  • Code Signing Certificates. Expire in 12 months. Must be verified by an Assurer.
  • Server Certificates. Expire in 6 months. Must verify domain ownership.
  • Assured Server Certificates. Expire in 24 months. Must verify domain ownership and be verified by an Assurer.

CAcert Disadvantages

  • CAcert Certificates aren’t currently trusted in any major browsers. It is currently only included in a few open source operating systems.
  • You must complete a face-to-face validation for a certificate that lasts more than 6 months.
  • No EV SSL Certificates are offered.

Other ways to get Free SSL Certificates

Get a Free Certificate for your Open Source Project

      GoDaddy SSL Certificates are already among the cheapest certificates available but if you have an Open Source project and need an SSL Certificate for it, Godaddy will give you a free certificate (valid for a year). GlobalSign also offers free wildcard certificates for Open Source projects (for as long as the project is active).

Free SSL Trial Certificates

Free Trial SSL Certificates are normally, full-blown SSL Certificates but they only work for a few days or a few weeks. A few Certificate Authorities even offer them for up to three months. If you’re interested, check out our comparison of free Trial SSL Certificates.

Become your own Certificate Authority

You can become your own free Certificate Authority and make your own SSL Certificates with a few simple commands. These certificates are called self-signed certificates. Unfortunately, the certificates will suffer from many of the same problems that certificates from free Certificate Authorities do. Specifically, they won’t be trusted in any web browsers and will throw a big error message unless you tell each web browser to trust them. This doesn’t work for most companies but it still enables encryption for the visitors who know how to tell the browser to accept the self-signed certificate.

Most sites should compare SSL certificate features and buy from a trusted certificate authority to capitalize on browser compatibility and the high assurance of commercial providers. Still, there are many places where free SSL Certificates will work just fine and you can use the information in this article to find the right free Certificate Authority for your needs.

Originally posted on Mon Mar 16, 2009

Comments (27)

  1. JG:
    Jul 02, 2014 at 12:01 PM

    A little funny that StartSSL demands its users use something other than a PO BOX because "it is not a real address", while they themselves use a PO BOX for their own registration. Nevermind that in the U.S. registration of a USPS PO BOX requires two forms of ID.

  2. William:
    May 11, 2014 at 08:51 PM

    StartSSL is a good deal if you are a webmaster and need to set up SSL certs for a large number of domains of your clients. In this case you are verifying your identity as a hosting business and providing the certificates for clients where you are 100% liable for any breakins on your server. You cannot use these Certs as the basis for those clients to host individual merchant accounts for e-commerce - that would be fraud, since you would be holding yourself out as a different identity while taking money. However if you have a hosted payment solution like PayPal's Web payments, it's fine.

  3. Patrick:
    Apr 10, 2014 at 04:26 PM

    Lot's of problems with free certificates. Play it safe. Buy one. Even a cheap one. You will get service plus a warranty. You will be informed of attacks, etc. Taking risks with security ... is it safe?

  4. Dan:
    Dec 22, 2013 at 01:37 AM

    CA Cert Signing Authority

  5. Annoyed consumer:
    Oct 06, 2013 at 03:54 AM

    These certificates are issued out of Israel so if you dont mind the certificate suddenly being invalidated because they suspect you may be operating commercially (truth doesnt matter with this lot) and you want your transactions diretly linked to the spies at the NSA go ahead. The best value by far is the $1.99 certificate offered by Namecheap for purchase of any domain (just buy a cheap domain)

  6. Ilario:
    Mar 17, 2013 at 02:34 AM

    Here is a step by step tutorial to get a free SSL certificate with StartCom:

  7. Ilario:
    Mar 17, 2013 at 02:26 AM

    Hi, Thanks for the benchmark. I have written a step-by-step walkthrough to get a free SSL certificate from StartSSL/StartCom which can help to go further. In my view, StartCom bad point is their website. Has someone has some feedback of CACert? How is it with CACert?

  8. Tom Cruse:
    Mar 07, 2013 at 01:45 AM

    Does anyone know of a Free alternative ? Seems it don't work for me anymore :-(

  9. Kevin:
    Mar 02, 2013 at 11:52 AM

    Well... been using StartSSL for sometime now. Have it setup for a number of non-profits that simply are using it for their Webmail servers... not for the whole site. Today, we had one rejected because "it is a commercial site"... when asked for clarification it ends up they see a donation page on the website (not the one that the cert is for) and say we need to use a Class 2 cert instead of the free Class 1. At $59 for 2 years PLUS the $59 per year to validate the identity. that is much more than Godaddy's $24.95 per year. Am looking at NameCheap which has a $9 per year simple SSL. It is stupid you can't get a simple class 1 cert for free as it is a scam in my opinion. Just need something that allows simple encryption between the client and the mail server for privace purposes, NOT merchant services.

  10. James:
    Jul 08, 2012 at 06:40 PM

    Don't bother with them. I installed a free certificate but it isnt recognised by Firefox so may as well have self-certified.

  11. JL Griffin:
    Jul 03, 2012 at 08:12 PM

    This is great i run a very small host company and my server administration software requires https. many clients were afraid because browsers told them it wasnt safe, so these resources have been a life saver!

  12. Glide3:
    May 24, 2012 at 05:06 AM

    They have told me that we cannot renew our free cert due to the fact that we are a commercial / using it for transactions. But we are not a proper company its a hobby site / company and its only used for a secure image that sits on paypal. They said the following: "But Class 1 certificates are not meant to be used for commercial activities or financial transactions according to our policy: Class 1 certificates are limited to client and server types, whereas the later is restricted in its usage for non-commercial purpose only. Subscribers should upgrade to Class 2 or higher level for any domain and site of commercial nature, when using high-profile brands and names or if involved in obtaining or relying sensitive information such as health records, financial details, personal information etc." Not the end of the world but a little miss-leading with the term FREE their free page. I suspect its a move to get free clients to move to the Class 2 product. Thanks StartSSL for 2 free years but its time to leave now :(

  13. dissatisfied:
    Sep 25, 2011 at 12:13 PM

    startcom issued then revoked a certificate because they claimed my information was incorrect or couldn't be verified (it was accurate) - then they banned my IP entirely. would have rather just paid for a godaddy cert and been done with it.

  14. ipsca:
    Jun 22, 2011 at 03:54 PM

    Cannot see that they have free SSL trial, except maybe for .edu. Startcom is as of 16.06.11 not available until further no freebie SSL recognized by browsers appears to exist at the moment beyond 30-45 day one-time trials...

  15. Steffen:
    Mar 15, 2011 at 02:12 PM

    maybe thats the fact why it's free :) Wildcard only allowed for payed account. Only one question: is the fee per cert or per year? Thank you

  1. 1
  2. 2

Allowed tags: <b><i><br>Add a new comment: