What’s an SSL Certificate?
An SSL Certificate is an essential and powerful tool used to secure your website as well as visually reassure your visitors that their connection to your site can be trusted. While the security of the internet is evolving and new security tactics are being implemented, it’s important to understand these changes and how they can affect your website.
Most browsers and mobile devices will warn you about, or discourage you from visiting, a website based on the security protocols in use and the SSL Certificate installed. Additionally, many search engines will rank sites higher when they have implemented an SSL Certificate (and use the https:// protocol rather than the non-secure http:// protocol). Whether you are maintaining a small informational website or thriving with a successful online store, you’ve probably asked yourself: “What kind of SSL Certificate do I need to secure my website?” In this article, we’ll explain the differences between “Free SSL” and “Dedicated SSL” Certificates, which should help you decide which kind of SSL Certificate best suits your website’s security needs. This will ensure that you are using the right tool for the right job!
What Does an SSL Certificate Actually Do?
An SSL Certificate, simply put, is a digital file that contains information to authenticate the ownership of a website (or web server) along with a cryptographic key, provided and authenticated by an authorized Certificate Authority (CA). Browser, operating system, and mobile device companies all maintain their own lists of approved certificate authorities. As long as a certificate issuer is a valid member of this (pre-installed) list, typically called the “Trusted Root CA Store”, the SSL Certificates it issues will be trusted by browsers transparently. The certificate’s validity is shown visually to the end user by the browser, which allows the visitor to quickly identify and trust a secured website. This trust is symbolized by the more commonly known “green padlock” displayed in the address bar. A green padlock indicates that the connection from the browser to the server hosting the website is properly encrypted for security, and also that the domain’s ownership is authentic and validated by the approved CA.
You can see the basic green padlock that displays for a Free SSL Certificate as an example in this screenshot:
You can hit F12 to view the certificate in more depth.
Then select “View Certificate” to review the additional details of the Certificate.
The encryption used for a Free SSL and a Dedicated SSL Certificate is generally the same. There is no difference in the encryption methods between Free and Dedicated SSL Certificates, as both typically secure connections using the latest standard (currently TLSv1.2). Although the encryption is similar, there are some minor differences that are important to consider when deciding whether a Free SSL or Dedicated SSL Certificate is best for you.
Free SSL Certificates only provide validation for ownership of a domain. Due to the nature of validation, only one domain can be secured by a Free SSL.
Now that many of the well-known Certificate Authorities are offering “Free” SSL Certificates, the trust relationship between browsers and servers can be completed automatically, in lieu of (less trustworthy) self-signed certificates. However, a Free SSL still only authenticates the domain’s ownership.
Why Use Free SSLs over Self-signed SSLs
Previously, the only “free” SSL Certificate available was a “self-signed” certificate. This method, in which the server provides its own encryption key for secure sessions with browsers, relied on trusting the server administrator to validate the ownership of that domain. Since only CAs adopted by the browsers are trusted by default, this would trigger a pop-up security warning to indicate to visitors that, although the connection was indeed encrypted, the authenticity of the ownership of the domain was not validated by an authorized CA. This kind of validation did not provide an avenue for browsers to automatically trust self-signed certificates, thus requiring users to “trust” the certificate by adding an exception to accept it.
The validity of a Free SSL Certificate is typically a shorter term (30-90 days) than that of a Dedicated SSL Certificate. A Free SSL Certificate would expire sooner, thus requiring additional maintenance to maintain the validity of the Free SSL Certificate.
The most prominent difference between any Dedicated SSL Certificate and a Free SSL Certificate is the level of validation behind the certificate. Dedicated SSL Certificates may include more in-depth validation. For instance, an Extended Validation SSL Certificate would authenticate not only the owner of the domain but also the validity of the business that claims to be the owner of the website. Although the encryption works the same way, this added layer of validation can help your visitors trust your website and business as one entity. The screenshot below shows the business and green padlock (in the address bar):
Utilizing Extended Validation or Organization Validation can help to reduce the threat of phishing. These Dedicated SSL Certificates require that the CA authenticate the validity of the claim that a business or organization owns the secured website. If a phishing attempt is made, it can be easily identified by the omission of these details. Your visitors will not see the trusted Certificate if led to a website that is not validated accordingly.
Finally, a Dedicated SSL Certificate generally has a longer term (1-3 years) available. Thus it will remain valid longer, requiring less maintenance.
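The properties compared above (self-signed versus CA-issued, domain-only versus business-validated, and length of the validity term) can all be read from the certificate itself. The following is an added example, not part of the original article: it builds constructed sample certificates in memory and inspects them; the names `Describe`, `sample` and the `.example` hosts are hypothetical, and treating a non-empty Organization field in the subject as the mark of Organization or Extended Validation is an assumption of this sketch.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

type Report struct { // certificate properties the article compares
	SelfSigned, OrgIdentified bool
	LifetimeDays              int
}

// Describe reads those properties. Self-signed means the issuer equals the
// subject and the certificate's own key verifies its signature.
func Describe(c *x509.Certificate) Report {
	self := bytes.Equal(c.RawIssuer, c.RawSubject) &&
		c.CheckSignature(c.SignatureAlgorithm, c.RawTBSCertificate, c.Signature) == nil
	// Assumption: domain-validated certificates carry no organization in the subject.
	return Report{self, len(c.Subject.Organization) > 0, int(c.NotAfter.Sub(c.NotBefore).Hours() / 24)}
}

// sample builds a constructed certificate; a nil parent produces a self-signed one.
func sample(cn string, org []string, days int, parent *x509.Certificate, pk *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	now := time.Now().UTC().Truncate(time.Second)
	t := &x509.Certificate{SerialNumber: big.NewInt(now.Unix()),
		Subject: pkix.Name{CommonName: cn, Organization: org}, DNSNames: []string{cn},
		NotBefore: now, NotAfter: now.Add(time.Duration(days) * 24 * time.Hour)}
	if parent == nil {
		parent, pk = t, key
	}
	der, err := x509.CreateCertificate(rand.Reader, t, parent, &key.PublicKey, pk)
	if err != nil {
		panic(err)
	}
	c, _ := x509.ParseCertificate(der)
	return c, key
}

func main() {
	self, _ := sample("dev.example", nil, 365, nil, nil) // constructed, self-signed
	fmt.Printf("%+v\n", Describe(self))
}
```

To inspect a real certificate instead of a constructed one, decode its PEM file and pass the result of `x509.ParseCertificate` to `Describe`.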
Dedicated SSL Certificates can come with additional benefits. These benefits vary among providers, but most commonly include securing multiple domains and/or wildcards. Although this article focuses on the differences between Free SSL and Dedicated SSL Certificates, it’s important to note that Dedicated SSL Certificates may include features that Free SSL or other kinds of Dedicated SSL Certificates do not. For example, some CAs include their own support and various tiers of insurance/warranties. Weighing the pros and cons of those benefits should help guide your decision if you choose to purchase a Dedicated SSL Certificate.
If you simply want to secure your blog or informational website to ensure trust among your visitors, then a Free SSL Certificate should suffice. You can review our article to obtain a Free SSL Certificate.
If the features that are offered with a Dedicated SSL Certificate are needed for your business, then implementing the Dedicated SSL Certificate would be ideal. Generally, websites that are targeted by phishing should implement a Dedicated SSL Certificate. You can review our article to obtain a Dedicated SSL Certificate.