There are times when an SSL certificate would be nice but not economical. Like for this blog for example. I'm hardly going to splurge $100+ on an SSL certificate "just because", and "SSL everywhere" and Google ranking be damned.

But there are options out there to get free Class 1 SSL certificates from a trusted root certifier. StartSSL will provide you a free 1 year SSL for most domains (anything with the word financial in the domain is not allowed, and I'm sure there are more rules than that). As they say on their website.....

Image:Free SSL certificates. Yes free (for most domains)

I've been using StartSSL for a while now (at least a year, and this blog is using a StartSSL Class 1) and they do what they say. Now, you can't revoke a free one; that costs money. But for a simple blog web site they fit the bill perfectly. They also have SSL Class 2 for unlimited and wildcards for $59/year. Not too bad.

Now the security-conscious readers will no doubt know about the Let's Encrypt program, which aims to provide a completely free certificate authority, but it's not quite there yet (they need to get the root added to different browsers, although you can install the root yourself if the fancy takes you). Once the CA root is in the browsers this may even eclipse StartSSL for those needing free SSL certificates.

The prices that some of the SSL vendors charge (ahem, Symantec...) are ridiculous. StartSSL and Let's Encrypt deserve some serious kudos for tipping this critical market seemingly controlled by cartels on its head. The SSL future is looking a lot brighter and much less like an economic burden.
Darren Duke   |   October 1 2015 07:11:46 AM   |    security  ssl    |  

Discussion for this entry is now closed.

Comments (4)

1 - Sven Hasselbach    http://blog.hasselba.ch    10/01/2015 8:54:18 AM

The SSL Class 2 Validation costs $59 per year. With this validation, you are allowed to create as many wildcard certificates as you want (valid for two years).

2 - sean cull    http://www.seancull.co.uk    10/02/2015 5:13:39 AM

I looked at this last year and decided it was not as good as it looked. I could be wrong but it seemed that the $59 was per domain because the fee is to establish a trusted account and that account is linked to the domain. As well as that, you only have one shot at creating a certificate for a domain; otherwise you need to pay to have it revoked if you get it wrong - like using SHA2 by mistake.

3 - Darren Duke       10/02/2015 5:15:24 AM

@3, Sean I don't disagree that StartSSL isn't perfect. Free almost always has a cost somewhere (like the free puppy outside of Walmart). Revocations are $25 at the time of writing this and I don't think that's an unreasonable price. EV's appear to be free when you need to revoke them. Now having said all this, once Let's Encrypt comes online then it looks like they have no-fee revocations.

4 - Martin Jinoch    http:/jinoch.cz    10/02/2015 8:39:35 AM

According to their policy: "Class 1 certificates are limited to client and server certificates, whereas the later is restricted in its usage for non-commercial purpose only" see page 12 of https://www.startssl.com/policy.pdf