With non-secure (no SSL – no HTTPS) websites in the spotlight right now as Google gets closer to rolling out update 68 to Google Chrome, I thought it was a good time to talk about the different options for SSL certificates. It shouldn’t come as a surprise that there are a bunch of options. Pricing on SSL certificates ranges from free to more than $4000. While the level of encryption may be roughly the same across most of these options, the certificates can hardly be compared. So, what is a small business owner to do? How do they figure out what they need and find a certificate that is the right fit?
Is Free Really Worth It?
SSL certificates are definitely a “You Get What You Pay For” commodity/service. The free services (such as Let’s Encrypt) offer a no-frills, basic SSL certificate with no warranty and very little actual validation. The freebies are typically simple DV (Domain Validation) certificates, as opposed to the certificates that dive deeper into the association between the domain and the business. Most of the free ones are just for a single domain or subdomain; however, it is usually very easy to add additional records to the certificate.
Some web hosts have turned to Let’s Encrypt to offer free SSL as part of their hosting packages. Even CDNs (content distribution networks) are starting to provide SSL options. Some are paid; others, like Cloudflare, offer free SSL.
What are you paying for?
Now, just because you are paying for an SSL certificate, this doesn’t mean that you are paying for an EV (Extended Validation) certificate. EV certificates dive much deeper into validating the connection between the domain and the business that owns the domain. Other paid features include multi-site/domain validation. There are a lot of paid DV options out there. The details are in the fine print. The level of validation is really a question of how much you, as a business, are comfortable with, and how much you think your customer is comfortable with. The main thing that businesses are paying for with the paid certificates is the warranty. This is essentially an insurance policy that protects the end user against loss of money when conducting transactions on your website, backing the assurance that they are really conducting transactions with you, not some impostor.
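To check what level of validation a certificate actually carries, whatever it cost, you can look at the identity fields in its subject. The script below is an added example, not part of the original post: it classifies a certificate as DV, OV (organization validated, the tier between DV and EV) or EV from the dictionary that Python's `ssl.getpeercert()` returns, and lists the domains it covers. The classification is a heuristic based on which subject fields are present, and the two sample certificates are constructed for illustration.

```python
import socket
import ssl

# Subject fields that CA/Browser Forum rules require on EV certificates.
EV_FIELDS = {"businessCategory", "serialNumber", "jurisdictionCountryName"}

def subject_fields(cert):
    """Flatten the nested subject tuples from ssl.getpeercert() into a dict."""
    return {name: value for rdn in cert.get("subject", ()) for name, value in rdn}

def validation_level(cert):
    """Heuristic: infer DV / OV / EV from the identity fields the CA vouched for."""
    fields = subject_fields(cert)
    if "organizationName" not in fields:
        return "DV"  # CA checked control of the domain only
    if EV_FIELDS.issubset(fields):
        return "EV"  # CA verified the legal entity and its registration
    return "OV"      # CA verified an organization name, without the EV checks

def covered_names(cert):
    """DNS names the certificate is valid for (single site vs multi-domain)."""
    return [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]

def fetch_cert(host, port=443, timeout=5):
    """Fetch a live site's validated certificate (needs network access)."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

# Constructed samples in the shape getpeercert() returns; not real certificates.
SAMPLE_DV = {
    "subject": ((("commonName", "shop.example"),),),
    "subjectAltName": (("DNS", "shop.example"), ("DNS", "www.shop.example")),
}
SAMPLE_EV = {
    "subject": (
        (("businessCategory", "Private Organization"),),
        (("jurisdictionCountryName", "US"),),
        (("serialNumber", "0000000"),),
        (("organizationName", "Example Bank Ltd"),),
        (("commonName", "bank.example"),),
    ),
    "subjectAltName": (("DNS", "bank.example"),),
}

if __name__ == "__main__":
    for label, cert in (("sample DV", SAMPLE_DV), ("sample EV", SAMPLE_EV)):
        print(label, validation_level(cert), covered_names(cert))
```

To check a real site instead of the samples, pass the result of `fetch_cert("your-domain")` to the same two functions.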
What does this all mean?
In short, if you have a non-transactional website, the free SSL certificates are a great way to ensure that your site shows as secure in Chrome and other browsers as they all start to enforce new security standards. All SSL certificates include encryption. So, as long as you aren’t collecting sensitive and personal information on the forms on your site, most sites will be fine with a free SSL certificate if their host supports it. If you conduct a large amount of business online or you collect a lot of personal or sensitive information, it’s a good idea to look at the paid options. There could be implications for your business insurance and for such things as PCI compliance. Compare the cost of the premium SSL certificate with the potential insurance costs for similar coverage.