Free SSL vs. Paid SSL Certificate

What’s an SSL Certificate?

An SSL Certificate is an essential and powerful tool used to secure your website as well as visually reassure your visitors that their connection to your site can be trusted. While the security of the internet is evolving and new security tactics are being implemented, it’s important to understand these changes and how they can affect your website.

Most browsers and mobile devices will discourage and/or warn you of a website’s security protocols in use, based on the SSL Certificate installed. Additionally, many search engines will consider higher rank results for sites that have implemented an SSL Certificate (and using the https:// protocol over the non-secure http:// protocol). Whether you are maintaining a small informational website or even thriving with a successful online store, you’ve probably asked yourself: “What kind of SSL Certificate do I need to secure my website?” In this article, we’ll explain the differences in “Free SSL” and “Dedicated SSL” Certificates which should help you decide which kind of SSL Certificate suits your website’s security needs best. This will ensure that you are using the right tool for the right job!

What Does an SSL Certificate Actually Do?

An SSL Certificate simply put, is a digital file that contains information to authenticate the ownership of a website (or web server) and a cryptographic key, provided and authenticated by an authorized Certificate Authority (CA). Browser, operating system, as well as mobile device companies all maintain their approved certificate authorities lists. As long as a certificate issuer is a valid member in this (pre-installed) list, typically called the “Trusted Root CA Store”, then the SSL Certificates they issue, will be trusted by browsers transparently. The certificate’s validity is visually identified, as it trickles down to the end user via the browser. This allows the visitor the ability to quickly identify and trust, a secured website. This trust is symbolized by the more commonly known, “green padlock” displayed in the address bar. A green padlock indicates that the connection, from the browser to the server hosting the website, is properly encrypted for security and also that the domain’s ownership is authentic and validated by the approved CA.

  • You can see the basic green padlock that displays for a Free SSL Certificate as an example in this screenshot:

    Green Padlock Displayed

  • You can hit F12 to view the certificate more in depth

    click f12

  • Then select “View Certificate” to review the additional details of the Certificate

    view certificate

The encryption used for a Free SSL and Dedicated SSL Certificate is generally the same. There is no difference in the encryption methods between free and Dedicated SSL Certificates, as they are typically encrypted using the latest standard (currently TLSv1.2). Although the encryptions are similar, there are some minor differences that are important to consider when deciding whether a Free SSL or Dedicated SSL Certificate is best for you.

Validity

Free SSL Certificates only provide validation for ownership of a domain. Due to the nature of validation, only one domain can be secured by a Free SSL.

Now that many of the well known Certificate Authorities are offering “Free” SSL Certificates, the trust relationship between browsers and servers can be completed automatically and in lieu of (less trustworthy) self-signed certificates. However, a Free SSL still only authenticates the domain’s ownership.

Why Use Free SSLs over Self-signed SSLs

Previously, the only “free” SSL Certificate that was available, was a “self-signed” certificate. This method, in which the server provides its own encryption key for secure sessions with browsers, relied on trusting the server administrator in validating the ownership of that domain. Since only CA’s adopted by the browsers are trusted by default, this would trigger a pop-up security warning to indicate to visitors that the certificate was indeed encrypted. However, the authenticity of the ownership of the domain was not validated by an authorized CA. This kind of validation did not provide an avenue for browsers to automatically trust self-signed certificates, thus requiring users to “trust” the certificate by adding an exception to accept the certificate.

The validity of a Free SSL Certificate is typically a shorter term (30-90 days) than that of a Dedicated SSL Certificate. A Free SSL Certificate would expire sooner, thus requiring additional maintenance to maintain the validity of the Free SSL Certificate.

The most prominent difference in any Dedicated SSL Certificate versus a Free SSL Certificate is the validity of the certificate. Dedicated SSL Certificates may include more in depth validation. For instance, an Extended Validation SSL Certificate would authenticate not only the owner of the domain but also the validity of the business that claims to be the owner of the website. Although the encryption works the same way, this added layer of validation can help your visitors trust your website and business as one entity. The screenshot below shows the business and green padlock (in the address bar):

green address bar

Utilizing Extended Validation or Organization Validation can help to reduce the threat of phishing. These Dedicated SSL Certificates require that the CA authenticate the validity of the claim that a business or organization owns the secured website. If a phishing attempt is made, it can be easily identified by the omission of these details. Your visitors will not see the trusted Certificate if lead to a website that is not validated accordingly.

Finally, a Dedicated SSL Certificate generally has a longer term (1-3 years) available. Thus it will remain valid longer, requiring less maintenance.

Additional Features

Dedicated SSL Certificates can come with additional benefits. However, the benefits of a Dedicated SSL Certificate can vary among providers but most commonly include securing multiple domains and/or wildcards. Although this article focuses on the differences between Free SSL and Dedicated SSL Certificates, it’s important to note that Dedicated SSL Certificates may include different features, that Free SSL or other kinds of Dedicated SSL Certificates do not. For example, some CAs include their own support and various tiers of insurance/warranties. Weighing the pros and cons of those benefits should help guide you in your decision should you decide to purchase a Dedicated SSL Certificate.

Further Recommendations

If you simply want to secure your blog or informational website to ensure trust among your visitors, then a Free SSL Certificate should suffice. You can review our article to obtain a Free SSL Certificate.

If the features that are offered with a Dedicated SSL Certificate are needed for your business, then implementing the Dedicated SSL Certificate would be ideal. Generally, websites that are targeted by phishing should implement a Dedicated SSL Certificate. You can review our article to obtain a Dedicated SSL Certificate.

Thoughts on “Free SSL vs. Paid SSL Certificate

    • Hello and thanks for contacting us. We only sell domain-validated SSL’s. You’ll need to ask where you bought the SSL for further information.

  • Thsnk you for all of the detailed information in your reply.  The return mail that I receive of the rejected mail is coming from mailer-daemon@biz144.inmotionhosting.com.  (SMTP error from remote mail server after end of data: 550 High probability of spam).

    I send my emails via SMTP from the general secure144.inmotionhosting.com and my question was concenring sending from that general domain name rather than my domain name.  Would that make any difference in the likelihood of being treated as SPAM?  Is there a chance that that general domain is indeed flagged as spam and my domain would not be?

    Thanks again for your help,

    -Dave

    • The likelihood that your email is detected as spam is highly subjective. It is determined by the filters in place on the recipient’s server. You can review the many forums that provide the best practices and guidelines for each of the popular mail server providers like Google, Yahoo, Hotmail, etc. They will recommend, as the previous responder’s comment includes, the SPF and DKIM configuration for your domain. Additionally, I recommend using your domain as the mail server because you can modify the SPF/DKIM records according to the recommendations of those third parties.

  • Would the dedicated certificate also apply to the mail servers so that I woudl not have to use the general inmotionhosting secure mail server?  Also, would this help reduce the number of times that e-mail from my domain is flagged as spam by some recipients?

    Thanks!

    -Dave

    • Hello Dave,

      Thanks for your questions about the certificate applying to the mail server. Here are your answers:

      Would the dedicated certificate also apply to the mail servers so that I wouldl not have to use the general inmotionhosting secure mail server?

      An SSL certificate applies to a domain name. So, if your mail server settings use the domain name, then they can be set to use HTTPS instead of HTTP for the server settings.

      Would this help reduce the number of times that e-mail from my domain is flagged as spam by some recipients?

      The SSL certificate is used to allow a secure connection between a user and the server. This in effect does not determine why your emails are being classified as spam. A recipient of your mail may be getting their mail filtered or parsed by a service to determine if it is spam. I would recommend that you setup SPF records and Domain Keys (DKIM). You should also setup a Domain-based Message Authentication and Conformance record (DMARC) which is used to validate emails. You should also check to make sure that your domain name is not blacklisted. If it is then you need to find who is blacklisting you and work to get your site de-listed. This can be done by getting the bounce-back message provided when a message is defined as spam.

      Finally, if you are sending marketing emails, then you should make sure that your emails conform to the CAN-SPAM Act of 2003. You can find more information in this article on stopping your emails as being labeled as spam.

  • Having VPS with InMotion where we host 3 websites would we need to purchase separately SSL certificates for all of them or will one certificate cover three websites? Thank you in advance. 

  • Google still says my website is not secure with this free ssl.  Any chance the SSL can be updated so this goes away?  

    What can i do besides paying an annual fee for one.  

    • If the free SSL was provided by your hosting company or a reputable certificate authority then there shouldn’t be a browser warning. I’d advise contacting our Live Support team if the issue persists.

  • Having an SSL with Inmotion Hosting, it covers all my domains hosted in my Reseller Hosting account. Thanks you.

    • Hello,

      Thanks for the question about obtaining a Free SSL. If you are an InMotion Hosting customer, you can contact our live technical support team for assistance. You can also find more by going to this article.

    • It depends on the provider and the method of installation. The Free SSL we provide through your Account Management Panel will remain valid and up to date. However, if you have a VPS and install a free SSL manually you will need to use a cron job or manually update it when it expires.

Leave a Reply to Yefer G Cancel reply