Buying a SSL Certificate: What Do You Get?
There are considerable variations in the cost of SSL certificates. But what you get in the end also varies considerably. So what do you actually buy?
You buy trust and brand image.
A SSL certificate is a guarantee from a certification authority that the server presenting the certificate to a browser is indeed who it claims to be, but this means different things for different SSL certificates:
- for low cost certificate that means assuring your browser is indeed connecting to the host www.example.com
- for expensive certificates that means assuring your browser is connecting to www.example.com, which is operated by Example, inc. ; an organization that the authority has checked existed.
In the first case, all the authority validates is that the person who is delivered a certificate has also some administrative rights on the domain example.com. In the second case, they also manually check that the organization Example, inc. has a legal existence.
Beyond that, big names like Verisign and Thawte (now part of Verisign) give you a logo to show on your site, using their brand name to help you build confidence with your customers.
How much?
High-assurance certificates cost hundreds of USD. Comodo sells simple domain validated certificates for $15/year.
Can you get SSL certificates for free?
If you only need a secure SSL connection without the authentication aspect because you are just trying to secure your webmail access and know your users, you can generate a self-signed certificate, or get one from CAcert.org. In either cases, users will be asked to accept your certificate before they can proceed. If this is likely to be a problem, go for the $15 option. Some large institutions use self signed certificates and that's really a shame.
Post a comment