Free SSL Certificates?

Posted on 2008-11-08
Medium Priority
Last Modified: 2012-05-05
I currently buy the low-end sercurity certificates from Comodo (instantssl.com). I was wondering if I could get a free, bare-bones certificate from somewhere?
Question by:Frylock
LVL 24

Assisted Solution

DMTechGrooup earned 600 total points
ID: 22913904
Most likely not.. the purpose of a signed SSL is to guarantee the person browsing your site that you are who you say you are and not some chinese hacker.. You can create a self-signed cert.  You are paying for their service to "trust" you.


Assisted Solution

ccosby earned 600 total points
ID: 22914905
Godaddy sells single ssl certs cheaper then comodo. As far as free ones go I can't help you.

To add to what DMT said you can self sign ssl certs. You then have to install them on the client machines so they accept them without complaining. This is only worth doing when it is for internal use only.
LVL 31

Accepted Solution

Paranormastic earned 800 total points
ID: 22924124
As far as free certs go:
1) Most SSL providers offer short term free certs for testing, such as 14 or 30 days.  After that you need to pay up.
2) You can run your own CA and get access to all kinds of things - free is debatable here as there would be upfront cost of hardware, software, etc. and labor costs for upkeep.  You would also need to propogate your root certificate to whereever you wanted to have your PKI trusted, if only internal just do through GPO.
3) As mentioned above - self-signed certs - you can use various tools such as signtool, makecert, cipher, openssl, etc. to create a self-signed certificate.  Again, you would need to get this installed to the trusted root store for whereever it is going to be accessed by (your clients).  Usually this is only if you have very few certs to issue as the root store can only handle about 60 or so certs in it, and each cert here will slow them all down a little bit.
4) There are a few free public CA's out there - cacert.org, startcom.org - however again these would require obtaining their root certificate chain and getting that installed on your clients.  cacert is being ambitious and hoping to eventually pass WebTrust certification so that they could be added by default to various browsers and such, but they have a long way to go and it is debatable whether they will succeed.  I haven't heard if startcom is doing the same or not.  However, they do offer a fine product for free, so if the hardware costs are too much this might be an option.

If you are looking for an answer for a commercial website where your pages will be accessed by the general public, I would say that you need to get a commercial CA product and pony up the cash.  If it is just internal, your employees from home, or b2b partners you have a decent chance at getting one of the free options to work out okay for you - which one is best depends on your requirements.

Featured Post

Free recovery tool for Microsoft Active Directory

Veeam Explorer for Microsoft Active Directory provides fast and reliable object-level recovery for Active Directory from a single-pass, agentless backup or storage snapshot — without the need to restore an entire virtual machine or use third-party tools.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Examines three attack vectors, specifically, the different types of malware used in malicious attacks, web application attacks, and finally, network based attacks.  Concludes by examining the means of securing and protecting critical systems and inf…
What monsters are hiding in your child's room? In this article I will share with you a tech horror story that could happen to anyone, along with some tips on how you can prevent it from happening to you.
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
We’ve all felt that sense of false security before—locking down external access to a database or component and feeling like we’ve done all we need to do to secure company data. But that feeling is fleeting. Attacks these days can happen in many w…
Suggested Courses
Course of the Month15 days, 10 hours left to enroll

850 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question