FREE SSL Certificates vs Premium SSL Certifcates | EP 481

FREE SSL Certificates vs Premium SSL Certifcates

SSL stands for “secure sockets layer” and is a form of security for sites that handle sensitive information such as visitor’s personal information and credit card numbers. It creates a secure connection between a visitor’s web browser and the server of the company they’re interacting with.

1. Free SSL Certificates 02:11
   • Let’s Encrypt
   • Cloudflare
2. Premium SSL Certificates 02:45
   • Comodo
3. Free SSL Certificates have domain validation only. It may hurt your customers’ trust. Good for a small website or blog, but it’s not the best option for larger websites. 04:25
4.  Free Certificates are unsuitable for e-commerce05:47

Read the full episode transcript below:

00:21 David Blackmon: Hey, everybody. Welcome to another episode of WP The Podcast brought to you by WP Gears. I’m David Blackmon.

00:35 Tim Strifler: And I’m Tim Strifler.

00:37 David Blackmon: Today, Tim’s going to talk about free SSL certificates. S-S-S-S-L, say that 10 times real fast. Free SSL certificates versus premium SSL certificates, when you should use what, where and how. Since Tim is more of the technical brain and he loves this kind of stuff, I’m gonna let him roll with it. Go, Tim.

01:03 Tim Strifler: Yeah, definitely. Before I dive into kind of the differences and which ones you should choose, I want to First define what SSL certificates are. SSL stands for secure socket layer, which that probably doesn’t mean anything to you but essentially, what makes your webpage secure and can encrypts the data from your server to the user’s browser. So, you’ve probably seen websites in the URL bar, you see the HTTP or you’ll see https://yourdomain.com. So, when it has the “S,” that means it’s encrypted. “S” stands for secure, and so that means that there is some sort of SSL certificate that is encrypting the data from the server to the user’s browser. It used to be that only … Like if there was sensitive information or e-commerce or something like that, then an SSL certificate was needed but the way that the web has moved is everything should be encrypted. Every single website should have SSL regardless of whether or not you have sensitive information or e-commerce or anything like that.

02:11 Tim Strifler: So, there’s free SSL. Let’s Encrypt is definitely, by far, the most popular. They partner with a lot of hosting companies. So, with one click of a button, you can secure your website with a Let’s Encrypt certificate free of charge. If it’s configured with your house, there’s no configuration needed. It’s usually just one click, you’re done. Another one that’s free is Cloudflare. You can set up a free Cloudflare account. They have a free SSL option that will give you the green lock in your browser, https, and it works. Then, the third is a self-signing SSL certificate, which is basically … it’s not provided by any third-party, Let’s Encrypt, Cloudflare. You essentially create an SSL certificate yourself and just store it on your server so it’ll encrypt the data. Then on the flip side, you can buy … You can go to Namecheap and get a Comodo premium SSL certificate. There’s a lot of different providers out there. Comodo is just the one I’m most familiar with and what I purchase. They’re not very expensive. They’re starting around nine bucks. You can spend 45-50 bucks depending on … There’s different levels and I’m gonna talk about that.

03:20 Tim Strifler: So, what’s the difference? Because with an SSL certificate, the level of encryption is actually the same with Let’s Encrypt, Cloudflare, a self signing SSL or one that you pay for. So, what’s the differences? Why would you pay for it when you get the same level of encryption with a free one? The added value of a premium comes down to the verification. Typically, an SSL certificate will serve two functions, or at least one the premium side. One is it’ll encrypt the connection but, two, the business that is providing the SSL certificate has verified that the website is who they say they are. So, if you are on a website called myawesomegadgets.com … I have no idea if that’s an actual website. Just made that up. Well then … And they have an SSL certificate from Comodo, well they’ve gone and they’ve done some level of verification to show that this isn’t some scammer, that they are who they say they are, they verify that this is a legit business.

04:25 Tim Strifler: And so you can buy … The reason why there’s different prices with Comodo, for example, is they might … The lowest level, all they do is make sure that you have an email at that domain, so webmaster@yourdomain.com and that’s the lowest level of verification, but then the highest level is they go and verify that you are an established business, that you have the business records to show it, that your address, you actually are at that address until you have a utility bill, the phone number verification too that you have a business phone on your site that you answer that’s connected to your business. So, those are a lot more, but those can offer an additional trust factor to your customers because they say, “I might not be familiar with this business but Comodo has checked them out. They have this level of verification, so I feel more comfortable putting in my credit card because this business is legit.” And so that’s kind of what the differences are. Now, you might be asking well, do I need that? I would say these days, the premium SSL certificates are becoming less and less popular because of how readily available the free ones are, how easily accessible they are. Then also, most consumers, they’re not really going and, in my opinion, looking at the verification and seeing that.

05:47 Tim Strifler: So, I would say for your everyday website … This is my own opinion. Your everyday website that doesn’t have e-commerce or anything like that, maybe it has some slightly sensitive information just for the basic form, then use Let’s Encrypt, use Cloudflare, use a self-signed SSL, but if you’re going to be selling something e-commerce, get yourself a premium SSL certificate. That way, you have that extra additional layer of trust. Comodo will give you a little green lock badge that you can put in your footer. I have it on the footer of my website and it just adds that extra trust factor that may be beneficial to some users, potentially maybe older generations that are a little more skeptical about putting in their credit card. So, that’s what I recommend doing. That’s what I do. I won’t get the highest level of verification. I’ll get one of the lower levels, but I’ll still get that Comodo trust lock badge that I can put on the site. If they click the lock in their browser up in the URL bar, it’s going to drop down and say “SSL certificate by Comodo verified” and so forth. So, that can be beneficial too.

06:56 Tim Strifler: So, that’s what I recommend. Those are the differences. At the end of the day, it’s the same level of encryption whether you get a free one or a paid one.

07:04 David Blackmon: All right. Sorry, I talked so much in this episode, everybody. Tomorrow, we’ve got another great episode. Are Facebook ads still effective in 2019? Tim, until tomorrow.

07:15 Tim Strifler: We’ll see you then. Take care. Bye-bye.