Free SSL Certificates from a Free Certificate Authority
Are you looking for free SSL Certificates? Who wouldn’t want to get something that some people pay around $1,500 for, for free? Well, thanks to free Certificate Authorities and some other useful tips, you can get some free SSL Certificates and spend your money on something else. Sound too good to be true? There are some disadvantages to using a free Certificate Authority:
- Certificates issued by a free Certificate Authority are usually not automatically trusted in all browsers. The web browser will display a warning message telling your visitors that the certificate is not trusted. For some free CAs, visitors must import the Root Certificate manually before they can access your site.
- One of the purposes in getting an SSL Certificate is to assure your visitors that you have been verified by a trusted third-party. Most visitors won’t recognize the names of free Certificate Authorities so they will receive less assurance that they are talking to the right person. E-commerce or financial web sites will benefit greatly by using a trusted brand.
- Free Certificate Authorities can be less reliable and possibly slower. Because of their economic model, they have fewer resources to keep their servers fast (small CRLs), or quickly complete validation.
Let’s discuss each free Certificate Authority and then discuss some methods of getting free SSL Certificates without using a free Certificate Authority.
Let's Encrypt Free Certificate Authority
Let's Encrypt is a free Certificate Authority Run by the Internet Security Research Group. Launched in 2016, Let's Encrypt is unique in providing automated certificates because they only issue domain-validated certificates. You can set up your server to automatically renew the certificate before it expires so you don't have to deal with manually renewing, verifying and installing the certificate.
Let's Encrypt Disadvantages
- All certificates are only valid for 3 months
- No OV or EV certificates are issued (only DV)
- The automated issuance process can take some time to set up
Learn more on the Let's Encrypt website.
CAcert Free Certificate Authority
CAcert is the first completely free Certificate Authority. Their model is completely different from all other Certificate Authorities, even StartCom where you pay for the validations instead of the certificates. With CAcert your identity is verified by a CAcert Assurer volunteer who meets with you and reviews your government issued identity documents face-to-face. The Assurer may charge a small fee to make up for their time but some do not charge at all. They have several different types of products including:
- Client Certificates. Expire in 6 months. Must verify that you own the email address.
- Assured Client Certificates. Expire in 24 months. Must verify that you own the email address and be verified by an Assurer.
- Code Signing Certificates. Expire in 12 months. Must be verified by an Assurer.
- Server Certificates. Expire in 6 months. Must verify domain ownership.
- Assured Server Certificates. Expire in 24 months. Must verify domain ownership and be verified by an Assurer.
- CAcert Certificates aren’t currently trusted in any major browsers. It is currently only included in a few open source operating systems.
- You must complete a face-to-face validation for a certificate that lasts more than 6 months.
- No EV SSL Certificates are offered.
Other ways to get Free SSL Certificates
Get a Free Certificate for your Open Source Project
GoDaddy SSL Certificates are already among the cheapest certificates available but if you have an Open Source project and need an SSL Certificate for it, Godaddy will give you a free certificate (valid for a year). GlobalSign also offers free wildcard certificates for Open Source projects (for as long as the project is active).
Free SSL Trial Certificates
Free Trial SSL Certificates are normally, full-blown SSL Certificates but they only work for a few days or a few weeks. A few Certificate Authorities even offer them for up to three months. If you’re interested, check out our comparison of free Trial SSL Certificates.
Become your own Certificate Authority
You can become your own free Certificate Authority and make your own SSL Certificates with a few OpenSSL simple commands. These certificates are called self-signed certificates. Unfortunately, the certificates will suffer from many of the same problems that certificates from free Certificate Authorities do. Specifically, they won’t be trusted in any web browsers and will throw a big error message unless you tell each web browser to trust them. This doesn’t work for most companies but it still enables encryption for the visitors who know how to tell the browser to accept the self-signed certificate.
Most sites should compare SSL certificate features and buy from a trusted certificate authority to capitalize on browser compatibility and the high assurance of commercial providers. Still, there are many places where free SSL Certificates will work just fine and you can use the information in this article to find the right solution for your needs.
Originally posted on Mon Mar 16, 2009