
Note this question is related, except this one is about free SSL certs.

There are providers who are offering totally free entry-level SSL certs (like StartSSL). I was wondering if they are technically the same thing as the paid ones (at least with the entry-level SSL certs like RapidSSL and PositiveSSL)? I do understand that extended/organization SSL is a different category, but if you only need entry-level SSL certs, are the free ones technically the same as the paid entry-level variants?

Moreover, if they are technically the same, why would you want to pay for something that's available free?

IMB
  • I think 2 of the main differences are the way it is checked that you actually own the domain and the trustworthiness of the SSL provider. Other facts are how many browsers can recognize and trust the root CA. Not 100% sure about this fact though – Goez Aug 20 '12 at 14:46
  • As somebody who is going to visit a website, any website that uses a free SSL certificate is a website I won't visit, because let's face it there is no way to verify the certificate is actually theirs. – Ramhound Aug 20 '12 at 15:06
  • @Ramhound "Free certificate" as in "free beer" (one certificate, gratis), **not free as in "free speech"**! It's a certificate for a very low price: 0 $. – curiousguy Aug 20 '12 at 15:31
  • @Ramhound - as curiousguy said free SSL certificates are different than self-signed certificates. A CA still validates your class-1 identity (that is to an individual; you can get emails at webmaster@yourdomain.com or similar) before giving out the certificate, they just don't charge for this automated service. (The idea being you start using them and then pay them for a premium product once you do purchase a product). – dr jimbob Aug 20 '12 at 22:07
  • Try Let's Encrypt first !!!!!!!!! – Jun 25 '16 at 14:34
  • what @user115563 said, https://letsencrypt.org/ – TarranJones Dec 17 '16 at 09:50

5 Answers


At the byte level, X.509 is X.509 and there is no reason why the free SSL certificates would be any better or worse than the non-free -- the price is not written in the certificate. Any certificate provider can fumble the certificate generation, regardless of whether he gets paid for it or not.

The hard part of a certificate is outside of it: it is in the associated procedures, i.e. everything that is in place to manage the certificates: how the key holder is authenticated by the CA, how revocation can be triggered and corresponding information propagated, what kind of legal guarantee is offered by the CA, its insurance levels, its continuity plans...

For the certificate buyer, the big value in a particular CA is where the CA succeeded in placing its root key (browsers, operating systems...). The vendors (Microsoft, Mozilla...) tend to require quite a lot of administrativia and legal stuff from the CA before accepting to include the CA root key in their products, and such things are not free. Therefore, a CA which could get its root key distributed but emits certificates for free has a suspicious business plan. This is why the free-cert dealers also offer paid certificates with some extra characteristics (certs which last longer, certs with wildcard names, extra authentication procedures...): at some point, the CA operators must have an incoming cash flow. But, ultimately, that's the CA problem, not yours. If they are willing to give away certificates for free and Microsoft is OK with including their root key as a "trusted by default key" then there is no problem for you in using such certificates.

Edit: and now there is Let's Encrypt, which is a free CA that got accepted by major browsers. Their business plan is not suspicious -- in fact, they don't have a business plan at all. They operate as a non-profit entity and they live from donations. They found a nice niche: they got buy-in from major browser vendors who went on a crusade to kill the non-HTTPS Web, and needed a free certificate issuer to convince admins of small Web sites to switch; and now, no browser vendor may leave because it would make them look complacent with regards to security.

Thomas Pornin
  • _a CA which could get its root key distributed but emits certificates for free has a suspicious business plan_ - Now that LetsEncrypt is a thing, you may want to update this. – forest Jan 03 '19 at 12:21
  • I have added a dedicated paragraph. – Thomas Pornin Jan 03 '19 at 13:50

I've been using StartSSL for a free certificate for about a year and a half now with only very tiny issues [...] [removed most of post from 2012 as it is irrelevant now]

EDIT 2016: There are no technical problems using a certificate from a free SSL certificate authority, as long as that certificate authority is trusted by your users. Please note, your example StartSSL is no longer trusted by most browsers.

Users of free certificates should be aware that free certificates are necessarily issued in an automatic fashion that will issue a certificate for a domain once you can provide an assurance you control that domain. They do not provide validation that you actually are an organization (organization validation), or do extended checks and audits against official records (extended validation). That is, if someone manages to get control of a domain with a similar name, they could get valid SSL certificates for that similarly named domain. (E.g., someone manages to register america.com and tricks you into going to https://bank.of.america.com for your banking purposes and then does a man-in-the-middle attack with https://www.bankofamerica.com in order to get access to your account.) Granted, many paid certificates only provide automatic domain validation. The idea behind EV certificates is you can see in the location bar the name of the CA-validated organization that exists and owns that domain.

Typically, this means you want a certificate authority that most major browsers and OSes implicitly trust by default. One of the first free certificate providers (CAcert) never obtained default trust in most major browsers and operating systems and as a result their certificates are less useful, unless you know users of your site have installed and trusted the CAcert root certificate. The provider of free entry-level SSL certs in your example (StartSSL) used to be trusted by most major browsers and operating systems. However, most major browsers are removing the trust for StartSSL (unrelated to their issuing of free certificates -- see below). However, another free certificate provider now exists that is trusted by most major browsers and operating systems, called Let's Encrypt.

The reason StartSSL is no longer trusted is that StartCom (the company behind StartSSL) sold their CA to a Chinese CA company (WoSign) without disclosing the sale publicly. They also issued a certificate for a github domain without authorization and began backdating signing certificates to avoid browser restrictions. Major browser vendors (including Mozilla, Google, Apple) have begun no longer trusting certificates issued by them in their products (including Firefox, Chrome, Safari).

For more information:

https://blog.mozilla.org/security/2016/10/24/distrusting-new-wosign-and-startcom-certificates/

https://support.apple.com/en-us/HT204132

https://security.googleblog.com/2016/10/distrusting-wosign-and-startcom.html

dr jimbob
  • After that edit I don't think this really answers the question anymore. I'd recommend either restoring the answer to its original form, but with the added disclaimer, or just deleting it entirely. – Ajedi32 Nov 14 '16 at 21:02
  • I agree with @Ajedi32 - your 23 points were for a technical answer which now doesn't exist. If anything, you now have an *additional* point about the disadvantages of free certs. – schroeder Nov 15 '16 at 07:40

The main technical disadvantage would only be that if a free CA is not widely accepted by browser or operating system makers, then the certificates they generate may also not be trusted. Also, if there are any issues with the CA that cause their root certificate to be invalidated, then you could run into issues. That said, you could potentially run into the same issues with any CA and it isn't necessarily really a technical issue directly.

AJ Henderson

There are no technical disadvantages of using any free SSL certificates. SSL technology and protocol ensures that the handshake between the client and server generates robust and secure session keys to thwart spoofing of data and man-in-the-middle attacks. You need to ensure that your free SSL provider provides real-time certificate status using either OCSP or CRL without fail.

If you are able to tell the end users to trust your SSL certificate by any means or medium everything should be fine.

Mohit Sethi
  • What about if someone creates a new certificate for free with your domain. Can they still do a man-in-the-middle attack? Let's assume that the free SSL has a trusted CA root certificate in all major browsers; it just started, so your current one is not revoked. – over_optimistic Dec 21 '14 at 23:51
  • If an attacker can persuade a CA to issue them a cert for your domain then (assuming the client doesn't have any key pins for your domain) they can mitm your clients. Whether the CA the attacker used charged the attacker money for the misissued cert is irrelevant. Whether the CA you used charged you money for your legitimate cert is also irrelevant. – Peter Green Nov 14 '15 at 15:25

There is now a big disadvantage to using StartSSL: major browsers no longer trust their certificates. The company and its parent company were not handling certificates and procedures to the satisfaction of Mozilla.

Firefox announced plans to distrust StartSSL certificates in Oct 2016: https://blog.mozilla.org/security/2016/10/24/distrusting-new-wosign-and-startcom-certificates/

Google and Chrome are distrusting WoSign and StartCom certificates. Chrome is gradually distrusting these certificates with subsequent browser releases.

  • Chrome 56 distrusts all certificates issued after October 21, 2016.
  • Chrome 57 also distrusts all old certificates unless the site is in the Alexa top one million sites.
  • Chrome 58 also distrusts all old certificates unless the site is in the Alexa top 500,000.

Safari is blocking trust for WoSign CA Free SSL Certificates: https://support.apple.com/en-us/HT202858

Source: My new StartSSL certificate didn't work: https://webmasters.stackexchange.com/questions/103405/startssl-certificate-gives-sec-error-revoked-certificate-in-firefox-and-err-cert

Stephen Ostermiller
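As an added example (not code from any answer or from the browser vendors), the Chrome 56 date rule from the answer above, together with Thomas Pornin's point that the price is not written in the certificate, modelled with Go's standard crypto/x509: a constructed root stands in for the distrusted CA (its name is a placeholder, not the real StartCom/WoSign root name), and the same kind of leaf is accepted or rejected purely by trust-store policy, not by anything in its bytes.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// Chrome 56 rule quoted above: leaves issued after cutoff under a distrusted root
// (CONSTRUCTED name standing in for StartCom/WoSign) are rejected unless whitelisted.
var cutoff = time.Date(2016, 10, 21, 0, 0, 0, 0, time.UTC)
const badRoot = "Constructed Distrusted Root CA"

// issue signs a certificate for cn under parent; a nil parent means a self-signed root.
func issue(cn string, from time.Time, parent *x509.Certificate, pkey ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		NotBefore: from, NotAfter: from.AddDate(10, 0, 0), IsCA: parent == nil, BasicConstraintsValid: true,
		KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature,
	}
	if parent == nil { // self-signed root
		parent, pkey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, pkey)
	if err != nil {
		panic(err) // demo code: cannot happen with this template
	}
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}
// chromeDistrusts first requires a chain to a root in the trust store, then applies the date rule.
func chromeDistrusts(leaf *x509.Certificate, roots *x509.CertPool, whitelisted bool) bool {
	chains, err := leaf.Verify(x509.VerifyOptions{Roots: roots, CurrentTime: leaf.NotBefore.Add(time.Hour)})
	if err != nil {
		return true // does not chain to any trusted root at all
	}
	root := chains[0][len(chains[0])-1] // a single root in the pool gives a single chain
	return root.Subject.CommonName == badRoot && leaf.NotBefore.After(cutoff) && !whitelisted
}
// scenario issues a leaf on the given date under the constructed bad root and judges it.
func scenario(issued time.Time, whitelisted bool) bool {
	root, rootKey := issue(badRoot, cutoff.AddDate(-5, 0, 0), nil, nil)
	leaf, _ := issue("www.example.test", issued, root, rootKey)
	pool := x509.NewCertPool()
	pool.AddCert(root)
	return chromeDistrusts(leaf, pool, whitelisted)
}
```

The leaf issued the day before and the day after the cutoff are byte-for-byte the same shape; only the policy applied by the relying party changes the outcome.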