What Is an SSL Certificate?
An SSL certificate is the means through which the Secure Sockets Layer (SSL) protocol is implemented to allow private Internet communication to by encrypted. SSL certificates are essential to the operation of ecommerce transactions during which people submit credit cards online, as well as online bill payment, online banking, and online subscription services. Authentication takes place on both sides of the transaction, and an encryption algorithm and cryptographic keys are used.
What Are Cheap SSL Certificates?
The cheapest SSL certificates are either those provided free to customers of a web hosting plan or inexpensive shared SSL certificates offered to those who operate as subdomains of the web host, for example. When you use a shared SSL certificate, you do not need either a Dedicated IP address (which costs more) or a Private SSL Certificate, which is specific to your domain and which also costs more. However, if you intend on conducting ecommerce and accepting credit card transactions directly (as opposed to say, through PayPal) you may not only want to consider a dedicated IP and private certificate: you may have to in order to meet PCI (Payment Card Industry) Compliance standards standards for handling customer data.
Cheap certificates are also likely to be Web of Trust certificates rather than those issued by a Certification Authority (CA). where users can sign their own or their friends’ certificates with no standards for a validation process. This contrasts with the CA practice in which there are consistent and identifiable levels of validation:
- Domain Validation, in which the CA matches up the applicant’s data with the WHOIS database
- Organizational Validation, in which the CA checks the physical address and web address for validity
- Extended Validation, in which an extensive range of data is checked, and which—when the criteria are met—allows the certified applicant to use the green color-coded address bar.
You should know that although in other circumstances “instant” might be synonymous with “cheap” (think fast food), it is not the case in the realm of SSL Certificates. Instant SSL Certificates is a product line offered by Comodo in which the direct access to IdAuthority can expedite the validation on the certificate.
What You Don’t (or May Not) Get With a Really Cheap SSL Certificate
What may you miss out on when you spend less for a certificate or use a self-signed Certificate?
- Strong encryption
- The validation of a Certificate Authority (CA) and the trust of your customers
- Trouble-free experience with browsers trusting your certificate and issuing a SSL Certificate Not Trusted Error
In summary, depending on your purposes for using an SSL certificate, you may find that a cheap certificate is more trouble than it’s worth.
Sources
https://my.bluehost.com/cgi/help/473
http://www.instantssl.com/ssl-certificate-support/app_validation/ssl-certificate-index.html
https://www.pcisecuritystandards.org/security_standards/documents.php?document=pci_dss_v2-0#pci_dss_v2-0
http://www.sslshopper.com/ssl-certificate-not-trusted-error.html