What's the advantage of a Paid SSL vs Free SSL?

Post #1 - 02-23-2018, 01:47 PM - bigredseo
This topic is spun from a few postings on this thread - https://www.hostingdiscussion.com/pr...ly-2018-a.html


Aside from the liability aspect (in that a paid SSL is like an insurance up to $10,000 or more depending on your certificate), and aside from Extended Validation and Organization Validation instead of just Domain Validation, what other protection does a paid certificate offer?

I'm looking for specific things that a paid certificate can do versus a free one, and cite your source to back it up.
__________________
Conor Treacy
Big Red SEO - Omaha, NE
ConorTreacy.com <- That's Me! ;)
 
 


Post #2 - 02-28-2018, 03:14 PM - zomgmike
Some paid SSLs involve a vetting process in which they actually look into the person they're selling the SSL to. Free SSLs would completely skip background checks.

Not that consumers would generally know the difference though.
__________________
Sharktech - VPS, Colocation, and Dedicated servers
Mike Gazzerro
Los Angeles, Denver, Chicago, Amsterdam
Have your own ASN? Let us scrub your traffic. We have the best DDOS protection.
 
 


Post #3 - 03-03-2018, 11:46 AM - webconfigure
Paid SSL used to provide the higher level of security. They have solid technique which encrypt your data on the website as well as it provides the green bar in the web browser.

Free SSL just used to provide the free certificate for the lifetime.
 
 
 


Post #4 - 03-03-2018, 12:58 PM - easyhostmedia
Quote:
Originally Posted by webconfigure View Post
Paid SSL used to provide the higher level of security. They have solid technique which encrypt your data on the website as well as it provides the green bar in the web browser.

Free SSL just used to provide the free certificate for the lifetime.
WRONG, only an EV SSL cert will give you the green bar while a DV and OV SSL cert will give the padlock.

Free SSL certs are basic DV SSL certs which are fine for personal blogs etc, but a Paid SSL gives more assurance and should be used for commercial websites.
__________________
Terry Robertson - CEO The Easyhost Media Group
PowerSSL - - We Secure your World
The Scamlist Forum - Fighting against scammers
 
 
 


Post #5 - 03-04-2018, 03:03 PM - 24x7server
1) The validity of Free SSL Certificate is varying from 30-90 days whereas Paid Certificate is valid for 1-2 years.

2) As compared with Paid SSL Certificate, there is no support, long time validity and warranty available with Free SSL Certificate.

3) Free SSL Certificate is the best option for blogs, personal websites etc. On the contrary, Paid Certificate should be installed on the heavy traffic e-commerce websites.

4) WildCard SSL is not yet available with the Free SSL Certificate providers. It's still being implemented.
__________________
www.24x7servermanagement.com
Server Management, Server Security, Server Monitoring.
Network Monitoring Team !! Skype: techs24x7
 
 


Post #6 - 03-05-2018, 12:28 PM - bigredseo
@webconfigure - please clarify "better security" since everyone uses a 2048 key.

@easyhostmedia - the part that trips me up is "give more assurance", mainly due to what a customer sees when they visit a site. It would be rare (very rare) for a user to view the type of certificate purchased, usually, they just check for a lock.

@24x7server -
1) as a user, do users care how long an SSL is valid (much like do they care if you buy 1 year domain or 10 years)?
2) For SSL support - has anyone, in their lifetime, contacted GeoTrust or Comodo for support (other than an installation which a host should take care of)?
3) Why? Why not use a free one on an e-commerce site?
__________________
Conor Treacy
Big Red SEO - Omaha, NE
ConorTreacy.com <- That's Me! ;)
 
 
 


Post #7 - 03-05-2018, 12:43 PM - easyhostmedia
Quote:
Originally Posted by bigredseo View Post

@easyhostmedia - the part that trips me up is "give more assurance", mainly due to what a customer sees when they visit a site. It would be rare (very rare) for a user to view the type of certificate purchased, usually, they just check for a lock.
Hi Conor
You are right to someone viewing your website they would not check and just look for padlock and could not care as long as padlock is displayed.

But each SSL Cert has different levels of assurance, Free SSL are fine if you have a personal website or blog, but for any commercial website you need a paid SSL.

To a website visitor they won't care and don't care as long as the site shows padlock, but with free SSL they could be purchasing from fake/scam sites as no checks are done before SSL are issued, but with a paid SSL the site owners have to give details to CA.

It used to be a case of 'If you don't see a green bar or padlock then don't buy from that website' but with the free SSL these fraudsters can get 1 for the fake sites.
__________________
Terry Robertson - CEO The Easyhost Media Group
PowerSSL - - We Secure your World
The Scamlist Forum - Fighting against scammers
 
 
 


Post #8 - 03-05-2018, 01:10 PM - bigredseo
Quote:
Originally Posted by easyhostmedia View Post
It used to be a case of 'If you don't see a green bar or padlock then don't buy from that website' but with the free SSL these fraudsters can get 1 for the fake sites.
We were big believers in the Green Bar when we ran our eCommerce sites, and still recommend users to purchase them for that extra level of "implied" security that a user gets when they see the EV Green Bar.

But it's still only implied security. You could change the URL bar with CSS if you wanted.

Quote:
but for any commercial website you need a paid SSL
But why?

It used to be that CA was built into browsers etc, so that's why you bought from the big guys (verisign, comodo, geotrust etc), but with LetsEncrypt, that's built in now too, so there's no compatibility problem or trust issue as a result.

So why pay? The Insurance (10k, 100k Warranty etc) is only paid out if the encryption is broken (which it never has been). It doesn't cover for fake transactions etc.

So why is a Paid one NEEDED versus a free one?


===============================
And to clarify for everyone, I'm not picking apart anyone selling an SSL, I used to sell them when I ran hosting and we made a pretty penny doing so. I'm really wondering how (in the past 5 years that I've been out of hosting) has the SSL world changed with the free SSLs on the market and why users should not use them for commercial sites.
__________________
Conor Treacy
Big Red SEO - Omaha, NE
ConorTreacy.com <- That's Me! ;)
 
 
 


Post #9 - 03-05-2018, 01:18 PM - easyhostmedia
Quote:
Originally Posted by bigredseo View Post
We were big believers in the Green Bar when we ran our eCommerce sites, and still recommend users to purchase them for that extra level of "implied" security that a user gets when they see the EV Green Bar.

But it's still only implied security. You could change the URL bar with CSS if you wanted.



But why?

It used to be that CA was built into browsers etc, so that's why you bought from the big guys (verisign, comodo, geotrust etc), but with LetsEncrypt, that's built in now too, so there's no compatibility problem or trust issue as a result.

So why pay? The Insurance (10k, 100k Warranty etc) is only paid out if the encryption is broken (which it never has been). It doesn't cover for fake transactions etc.

So why is a Paid one NEEDED versus a free one?


===============================
And to clarify for everyone, I'm not picking apart anyone selling an SSL, I used to sell them when I ran hosting and we made a pretty penny doing so. I'm really wondering how (in the past 5 years that I've been out of hosting) has the SSL world changed with the free SSLs on the market and why users should not use them for commercial sites.
https://medium.com/ssl-dragon/free-v...s-2b0e8728bba1

Quote:
Drawbacks of installing a Free SSL Certificate
Just like free web hosting services, free SSL certificates also come with certain limitations and risks:

Domain Validation only — since these certificates come with no cost and are issued within a few minutes, they are limited to one single validation option — Domain Validation. This may be perfect for a small website or blog, but it’s not the best option for larger websites which are collecting personal information about their users.

Unsuitable for e-commerce — free certificates are not recommended for securing credit card and personal information on e-commerce websites. To make customers trust your business, you need a certification of your authenticity, which is provided only by paid Business Validation or Extended Validation SSL Certificates.

May hurt your customers’ trust — as a consequence of the above, your customers may not trust you simply because you aren’t willing to invest in an SSL Certificate issued by a reputable Certificate Authority. This lack of trust may significantly affect your reputation, especially in case of questionable CAs.

Limited lifetime — free certificates are issued for a limited period of time, usually 90 days. On the other hand, paid SSL Certificates are offered for 1 or 2 years, so you don’t have to get them reissued and installed so frequently.

Tardy customer support — free SSL issuers usually provide limited customer service, so issues aren’t resolved in a timely manner.
Quote:
Benefits of choosing a Paid SSL Certificate:
There are many reasons why you should opt for a premium SSL Certificate. However, the most important benefits are:

Recognition — a certificate issued by a reputable Certificate Authority makes a website seem more reliable to any customer. With paid certificates, clients have the right to report any issue to the CA, which is obliged to immediately investigate them. As a result, clients feel safer having their backs ensured by trusted CAs.

Different options — paid SSL Certificates are issued in all three validation options — Domain, Business, and Extended Validation. There are also different certificate types based on the complexity of the website, One-Domain, Wildcard, and Multi-Domain SSL Certificates, along with Code Signing SSL Certificates for securing downloadable software and digital goods.

Extended lifetime — currently, paid certificates are issued for one or two years. This means that your business will run smoothly and your website will stay secured for a long time without you worrying about the renewal of your certificate.

Server compatibility — premium certificates can be used on any hosting services as well as self-managed or dedicated servers, making the setting up process free of any limits.

Liability protection — when purchasing an SSL certificate, you typically get a warranty which is an insurance that covers any damage incurred as a result of a hack or data breach caused by a flaw in the certificate. The warranty amounts range from $5,000 to $1,500,000 which means that the higher value — the more extensive the warranty is.
__________________
Terry Robertson - CEO The Easyhost Media Group
PowerSSL - - We Secure your World
The Scamlist Forum - Fighting against scammers
 
 
 


Post #10 - 03-05-2018, 02:54 PM - SenseiSteve
The biggest thing I see in all of this is perceived value to the client. I've never had anyone question whether an SSL is certified and signed. Once they see the lock icon, they generally don't care. Personally, I still recommend a paid certificate for eCommerce sites.
__________________
Infusing Markets LLC Website Development Agency (314) 643-8271
Take Over Maintenance and New Site Creation
Specializing in WordPress | 23 Years of Hosting and Development Experience
 
 
 


Post #11 - 03-05-2018, 03:35 PM - easyhostmedia
Quote:
Originally Posted by SenseiSteve View Post
The biggest thing I see in all of this is perceived value to the client. I've never had anyone question whether an SSL is certified and signed. Once they see the lock icon, they generally don't care. Personally, I still recommend a paid certificate for eCommerce sites.
Yes, consumers don't care as long as they see padlock, and as it's drummed in to only trust sites with a padlock then fraudsters are using the free SSL to deceive consumers into thinking they are purchasing from a genuine and trusted site.
__________________
Terry Robertson - CEO The Easyhost Media Group
PowerSSL - - We Secure your World
The Scamlist Forum - Fighting against scammers
 
 
 


Post #12 - 03-05-2018, 05:46 PM - bigredseo
Quote:
Originally Posted by easyhostmedia View Post
Nice site. They go into a lot of details throughout their site, but there's still the nagging question;

Quote:
Unsuitable for e-commerce — free certificates are not recommended for securing credit card and personal information on e-commerce websites.
Why?

They talk about trust of the visitor, but at that point aren't they talking about the badge someone might put on their site (this site uses Comodo SSL)? They're not really talking about the security of the certificate at that point, they're talking about the brand name of the SSL.

As far as the limited terms and re-issuing every 90 days - most places have this automated, so it's not really a big deal.
__________________
Conor Treacy
Big Red SEO - Omaha, NE
ConorTreacy.com <- That's Me! ;)
 
 
 


Post #13 - 03-06-2018, 08:51 AM - easyhostmedia
Quote:
Originally Posted by bigredseo View Post
Nice site. They go into a lot of details throughout their site, but there's still the nagging question;



Why?

They talk about trust of the visitor, but at that point aren't they talking about the badge someone might put on their site (this site uses Comodo SSL)? They're not really talking about the security of the certificate at that point, they're talking about the brand name of the SSL.

As far as the limited terms and re-issuing every 90 days - most places have this automated, so it's not really a big deal.
Free SSL do not provide the SSL badge and assurance details, but like the free AV they are basic and limited and not recommended for commercial websites.
__________________
Terry Robertson - CEO The Easyhost Media Group
PowerSSL - - We Secure your World
The Scamlist Forum - Fighting against scammers
 
 
 


Post #14 - 03-06-2018, 09:59 AM - bigredseo
So I agree about the badge, although I'll still argue that it's more about the promotion of the SSL Provider than it is anything to do with security.

"free AV are basic and limited" I guess is my real digging point. I can't find anything that says they're limited or untrusted in any specific way.

So avoiding the following, SSLs (free or paid) use the same security/encryption;
  • SSL Badge from SSL Provider
  • Extended Validation (EV SSL - Green Bar)
  • Guarantee Insurance ($10k-$1.5M)
  • Registration Length (1-2 years)
  • Installation Support (web hosts provide this too)
  • Wildcard SSL Ability

So did I miss anything?
__________________
Conor Treacy
Big Red SEO - Omaha, NE
ConorTreacy.com <- That's Me! ;)
 
 
 


Post #15 - 03-06-2018, 10:34 AM - easyhostmedia
Quote:
Originally Posted by bigredseo View Post
So I agree about the badge, although I'll still argue that it's more about the promotion of the SSL Provider than it is anything to do with security.

"free AV are basic and limited" I guess is my real digging point. I can't find anything that says they're limited or untrusted in any specific way.

So avoiding the following, SSLs (free or paid) use the same security/encryption;
  • SSL Badge from SSL Provider
  • Extended Validation (EV SSL - Green Bar)
  • Guarantee Insurance ($10k-$1.5M)
  • Registration Length (1-2 years)
  • Installation Support (web hosts provide this too)
  • Wildcard SSL Ability

So did I miss anything?
No validity checks with free SSL certs

Free SSLs give a way for fraudsters to deceive consumers as fraudsters won't pay for an SSL
__________________
Terry Robertson - CEO The Easyhost Media Group
PowerSSL - - We Secure your World
The Scamlist Forum - Fighting against scammers