Following Google’s announcement that Chrome users will be alerted if they access a non-HTTPS site, several clients have asked why we only use certain Certificate Authorities for the purchase of certificates instead of a free option.
Although it is possible to use another provider, there are several issues and additional costs you need to be aware of before making this decision.
Many of the cheaper options don’t have the same built-in features as the ones we offer.
Both the www. and non-www. versions of your domain should be made secure. If a cheaper certificate does not cover both the www. and non-www. URL you will need to buy two certificates.
Our servers run on a cluster of machines. This means the Certificate needs to be licensed for an unlimited number of servers. Many free or cheap Certificates will only include a license for one server, as these are generally targeted at individuals rather than businesses.
There are three types of certificate, DV, OV and EV. There is no difference in the secure technology behind the types, but the checks done by the Certification Authority issuing the certificate are more robust for EV and OV.
The DV certificate has extremely basic checks and is intended for individual and blogging sites. Businesses should be using at least an OV certificate. Although there is no immediate difference between DV and OV certificates in the browser, the OV certificate contains more information about the business if you choose to view it.
Free or cheap certificates are often DV only.
The certificates we offer have a minimum length of one year. Many of the free certificates are a lot shorter. For example, Let's Encrypt free certificates only last for 90 days. We will handle the renewal reminders as part of your Account Management process; however, if you choose to use a shorter certificate there will be an additional cost for the admin work involved, or you will need to handle this yourself.
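The points above (www. and non-www. coverage, DV versus OV/EV, and certificate length) can all be read from the certificate itself. The following is an added example, not part of the original article or any provider's tooling: it inspects a dictionary in the format returned by Python's ssl.SSLSocket.getpeercert(), and the two sample certificates and the function names are constructed for illustration.

```python
import ssl

def covers(host, san_names):
    """True if host matches an exact or single-label wildcard DNS name."""
    host = host.lower()
    for name in san_names:
        name = name.lower()
        if name == host:
            return True
        # "*.example.com" matches "www.example.com" but not "example.com"
        if name.startswith("*.") and "." in host and host.split(".", 1)[1] == name[2:]:
            return True
    return False

def review_cert(cert, domain):
    """cert: dict in the format returned by ssl.SSLSocket.getpeercert()."""
    sans = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    subject = {k: v for rdn in cert.get("subject", ()) for k, v in rdn}
    lifetime = (ssl.cert_time_to_seconds(cert["notAfter"])
                - ssl.cert_time_to_seconds(cert["notBefore"]))
    return {
        "covers_apex": covers(domain, sans),
        "covers_www": covers("www." + domain, sans),
        # Heuristic: a DV certificate carries no organisation in its subject.
        "validation": "OV or EV" if "organizationName" in subject else "DV",
        "lifetime_days": round(lifetime / 86400),
    }

# Constructed sample: 90-day DV certificate covering only the www. name.
DV_SAMPLE = {
    "subject": ((("commonName", "www.example.com"),),),
    "subjectAltName": (("DNS", "www.example.com"),),
    "notBefore": "Jan 01 00:00:00 2024 GMT",
    "notAfter": "Mar 31 00:00:00 2024 GMT",
}
# Constructed sample: one-year certificate with organisation details, both names.
OV_SAMPLE = {
    "subject": ((("countryName", "GB"),), (("organizationName", "Example Ltd"),),
                (("commonName", "example.com"),)),
    "subjectAltName": (("DNS", "example.com"), ("DNS", "www.example.com")),
    "notBefore": "Jan 01 00:00:00 2023 GMT",
    "notAfter": "Jan 01 00:00:00 2024 GMT",
}

if __name__ == "__main__":
    for label, cert in (("DV sample", DV_SAMPLE), ("OV sample", OV_SAMPLE)):
        print(label, review_cert(cert, "example.com"))
```
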
Keeping Your Key Secret
The security benefits of a Secure Certificate only work if the Private Key you are given stays secret. If you decide to purchase a certificate yourself from a different source, you will need to find a trustworthy, secure method of providing us with the Key. The safest way to do this is to put the Key onto a USB stick and give it to us in person. Remember email is NOT secure.
Security and Updates
As with your Private Key, if the Certification Authority's Private Key is made public the security behind it no longer works. In fact, a hacker could recreate your site, including the secure icon. It is therefore important that you use a Certification Authority that you trust to keep their Key safe. There have been several instances of problems with an Authority's Key, and Google is in an on-going dispute with Symantec as to whether to trust some of the certificates they have issued.
If there are any updates, major or minor, that need to be made to the certificates, our accounts allow us to do this quickly and efficiently. If you purchased your certificate from another provider you will need to ensure you pass on any update requests to us and these may incur an additional cost to implement.
In order for the Certificates to work we need to install the Certification Authority's Intermediate Certificate(s) on our server. The Certificates for our recommended providers are installed and ready for use. If you decide to use a different provider we will need to do additional work to add that Authority's Certificate, which will be chargeable.
If you do want to use another provider, please send us the details to review. We will then provide you with an updated quote for your conversion.