Free SSL certificates. Yes free (for most domains)
But here are options out there to get free Class 1 SSL certificates from a trusted root certifier. StartSSL will provide you a free 1 year SSL for most domains (anything with the word financial in the domain is not allowed, and I'm sure there are more rules than that). As they say on their website.....
I've been using StartSSL for a while now (at least a year, and this blog is using a StartSSL Class 1) and they do what they say. Now, you can't revoke a free one, that costs money. But for a simple blog web site they fit the bill perfectly. They also have SSL Class 2 for unlimited and wildcards for $59/year. Not too bad.
Now the security conscious readers will no doubt know about the Let's Encrypt program which aims to provide a completely free certificate authority but it's not quite there yet (they need to get the root added to different browsers, although you can install the root yourself if the fancy takes you). Once the CA root is in the browsers this may even eclipse StartSSL for those needing free SSL certificates.
The prices that some of the SSL vendors charge (ahem, Symantec...) is ridiculous. StartSSL and Let's Encrypt deserve some serious kudos for tipping this critical market seemingly controlled by cartels on it's head. The SSL future is looking a lot brighter and much less like an economic burden.
Discussion for this entry is now closed.
Comments (4)
I looked at this last year and decided it was not as good as it looked. I could be wrong but it seemed that the $59 was per domain because the fee is to establish a trusted account and that account is linked to the domain. As well as that you only have one shot at creating a certificate for a domain otherwise you need to pay to have it revoked if your get it wrong - like using SHA2 by mistake.
@3, Sean I don't disagree that StartSSL isn't perfect. Free almost always has a cost somewhere (like the free puppy outside of Walmart). Revocations are $25 at the time of writing this and I don't think that's a unreasonable price. EV's appear to be free when you need to revoke them. Now having said all this, once Let's Encrypt comes online then it looks like they have no-fee revocations.
According to their policy: "Class 1 certificates are limited to client and server certificates, whereas the later is restricted in its usage for non-commercial purpose only" see page 12 of https://www.startssl.com/policy.pdf
The SSL Class 2 Validiation costs $59 per year. With this validation, you are allowed to create as much wildcard certificates as you want (valid for two years).