Let's face it - everyone likes a freebie now and again. However, the question is: is it worthwhile to go ‘free’ when it comes to data security?
When people conduct business online, they want to make sure that their information will be protected through a secure website. So, we're taught to look for signs that the websites we visit have established the necessary security measures to keep us safe. One of these signs is a secure socket layer (SSL) certificate.
An SSL certificate is a small data file installed on a web server that activates the ‘https’ protocol. This allows the connection from a web server to a browser to become encrypted. In the past, SSL certificates were really only used to secure credit card transactions. As time goes on, an SSL certificate has become a security necessity for any website.
Are All SSL Certificates the Same?
As to the question of whether a free SSL certificate is as good as a paid one, it depends on the level of certificate. Many web hosts have gotten into the bundling game. This means a plan will often include a one-click install web hosting service, a free CDN (for instance, Cloudflare), a free proprietary site builder and oftentimes, a free SSL certificate. It’s important to be aware that your certificate will be domain validated (DV), which will be touched on in a bit but takes the least effort and expense on behalf of the hosting service. That being said, there are some advantages to obtaining SSL authentication from a paid provider.
Some of these benefits include:
- Assistance with installation and configuration
- Ongoing support
- Seamless certificate renewal
- The possibility to obtain multiple certificates
Free SSL authentication (for example, Let’s Encrypt) only verifies that your web traffic is coming from the correct address. It's like sending visitors to a physical street address — they know they're at the right place because the GPS says so. But, it doesn't tell them anything about the people inside or what type of enterprise they run.
Free services cannot afford to verify countless certificates, and website owners have other concerns than to focus on gaps in security or renewing certificates several times each year.
Ultimately, the decision as to whether or not to pay for SSL really depends on how secure you want your website.
What Are Secure Socket Layers?
Secure socket layers are a type of encryption deployed by a certificate authority (CA) after verifying that a website is legitimate and owned by the person/organization listed in Whois. Also called transfer layer security (TLS), the standard SSL uses a cryptographic protocol that's actually been in existence for more than 2,000 years. That's how strong it is!
When you go through the process of obtaining an SSL certificate, it tells visitors that your mobile website or storefront has been verified by a CA through corroboration from a Qualified Information Source (QIS). This helps to legitimize your website and ensures users feel safe when accessing it.
When a web user types information into the URL bar, their browser sends a request to a host server, which encrypts the transmissions back and forth, making the data unreadable to anyone else. It means that the session between that specific browser and website is secure.
How you conduct business to maintain that authority and level of trust is up to you, SSL certificates can also be revoked. When that happens, any web traffic will be greeted by the message below:
This is NOT what you want your visitors to see. If your visitor sees this, there is a good chance they will go back to Google and check out a different website.
Untangling Types of Verification
If a free SSL only verifies a single web address, how do you get deeper authentication or multiple certificates? The answer is, by paying for them through an accredited Certificate Authority (CA).
Here is a brief overview of different types of SSL authentication:
Domain Validation (DV)
This is the most basic authentication. It is the component that puts the ’s’ for ‘secure’ in ‘https.’ When website visitors see that in their URL bar, they feel a little more confident that the website they're visiting has been verified by an authenticating authority.
But, that's all it does.
Domain validation needs to be renewed annually If you want visitors to have better peace of mind, or you need multiple certificates in the case of having multiple domains, you have to move up to the next level of SSL authentication.
Organization Validation (OV) and Code Signing Certificates
Obtaining an organization validation (OV) certificate tells visitors that your business is legitimate, licensed, and registered. It requires a little more background verification, which is why you have to pay for this certificate. It will cost anywhere from $100 to $800.
But, if you want to be viewed as a reputable business, it's invaluable.
In order to obtain an OV certificate, the CA will check for:
- Proof of legal creation of a business entity and existence from a government authority
- Proof that the website is live and operational
- Verification of a valid business license
- Proof of the owner's name and physical address
- Domain registrar verification
This is a good option for a small business owner or a corporation with a single business location or website. If you own a larger company or multiple websites and physical locations, you need to work with the CA to obtain a certificate that resides in your root directory and provides enterprise-wide encryption.
Extended Validation (EV)
Extended validations (EV) were created to provide the highest level of encryption to larger organizations. They cost a little more (around $1000) and dig a little deeper into your business standing, but they provide higher security and an elevated benefit of trustworthiness. Visitors will know that they've reached a website with this level of authentication because the name of the corporation or owner will also appear in the URL bar inside of a green band in front of the web address.
When it comes to SSL encryption protocols, there is no generic option. As long as you understand what the SSL being offered to your provides, it doesn’t matter if your SSL certificate was a free bonus with your service or you paid for your verification. If a web hosting plan costs a little more, it might be because they’re taking care of your SSL needs. Just keep in mind the free plans often simply comprise of basic domain validation (DV), but that might be all you need if you’re just looking for basic encryption and a lock next to your URL.
For some businesses, lower levels of security might not be enough in an era of record-breaking data leaks and general distrust of business security. The type of preventative measures you put in place to securely conduct business on the internet make a difference - and that starts with an SSL certificate.