An SSL certificate is now an essential requirement for any website that wants its users to input data or make purchases online. It’s also highly recommended for all other types of websites. Today, SSL certificates are available either paid for or free. Here we look at the difference between the two so that you can decide which is best for you.
Why you need an SSL certificate
SSL certificates encrypt user data as it travels from the user’s browser to a website, and they also verify that your website is genuine. In doing these things, SSLs prevent personal information and financial details from being stolen as they pass across the internet. Without the protection of an SSL certificate, many payment gateways will refuse to give a website an account, preventing them from taking payments online, which is why they have become essential for online stores and other sites.
At the same time, web browsers now label sites with SSL certificates as secure and those without as not secure – a decision intended to protect internet users from risk. Being labelled as secure, shown in the form of a padlock icon in the address bar, massively increases users’ confidence in visiting websites and buying from them. In addition, search engines now downrank websites without SSL certificates as they are reluctant to send their users to potentially insecure sites. From an SEO perspective, having an SSL certificate can help you rank higher and get more visitors.
Paid or Free SSL certificates
Today, you can obtain a free SSL certificate from sources like Let’s Encrypt. Alternatively, you can choose a paid-for SSL, issued by a certificate authority like Global Sign, via your web host. As both of these carry out similar functions, the majority of websites now opt for a free SSL certificate. Customers at eukhost can install free Let’s Encrypt SSLs directly from their control panels. However, there are key differences between free and paid versions which means that for some websites, the paid version is a much better choice. Here we examine the differences between them.
Free SSL certificates
One of the big attractions of a free SSL certificate is that it is free. By comparison, paid ones range from around £29 (inc. VAT) to £199.99 (inc. VAT) a year. For personal and small business websites, keeping the costs to a minimum can be a deciding factor, which is why free SSLs have become very popular.
Another benefit is that you will get similar levels of encryption to using a paid SSL, usually 256-bit encryption and 2048-bit key encryption, which is robust enough to protect data being sent to your website.
Free SSLs are also easier and quicker to obtain. In order to be granted an SSL certificate, your website needs to be vetted as genuine and the vetting process for a free SSL is less rigorous. That said, they offer only a basic level of validation and so don’t come with the same level of trust. Not every free SSL offers the same level of validation or encryption, and some have been found to have major vulnerabilities. Unfortunately, if they do, there is no warranty protection for the website from the SSL provider if issues with the certificate lead to a cyberattack or data breach. You are also likely to find that if an issue does arise, technical support from the free certificate issuer could be minimal.
Finally, a free SSL certificate can only act as security for a single website. They are a type known as Domain Validation SSLs, so you will need a separate one for each domain. You will also need to renew them more often, as free SSLs usually only last between one and three months. Some will auto-renew, however.
Paid-for SSL certificates
Paid-for SSL certificates provide several important benefits for businesses and organisations for whom security is of key importance. Firstly, they come in different types. There are two kinds of Domain Validation SSL, the Alpha Wildcard and the Domain Wildcard. The difference between the two is the level of warranty that comes with each.
Additionally, there are the Organisational Wildcard and the Extended Validation SSL. The Organisational Wildcard checks the authentication of both the domain owner and their organisation before being issued, and the Extended Validation SSL provides the deepest level of authentication of the domain owner.
These four paid-for SSL certificates all offer a much greater level of trust than free SSLs. However, while all will get your website the padlock icon, only the Extended Validation certificate will ensure you have the green padlock, indicating that your site has the highest level of security and trustworthiness.
The other major advantage of paid-for SSLs is that they come with warranties which will be paid to you if a problem with the certificate leads to a cyberattack or data breach. This starts at $1,000 (USD) for the Alpha Wildcard and rises to $1,500,000 (USD) for the Extended Validation SSL. This can be highly useful if such an attack or data breach requires websites to be rebuilt, fines to be paid or users to be compensated.
Finally, paid-for SSLs need to be renewed far less often than free versions, lasting up to 27 months, and come with top-of-the-range technical support. Indeed, at eukhost, we’ll even install them for you for free and test them to make sure they are working properly.
While free SSLs have done a great deal to make the internet more secure for users and make it easier for smaller websites to become more secure, they are not ideal for all businesses and organisations. If you need a higher level of security and trust to protect your customers and partners, then the more robust verification offered by a paid SSL, together with its warranty, is the better choice.
For more information, visit our SSL Certificates page.