opinion

Fast, Free and Easy SSL: Don't Pay Big Bucks for Certificates

Fast, Free and Easy SSL: Don't Pay Big Bucks for Certificates

The time has come to stop paying for SSL certificates! Except for a few edge or convenience cases, there are multiple great options for free SSL certificates. Not only do these options save money, but by understanding the requirements and capabilities of the modern SSL ecosystem, you can also improve your sites’ security and reduce (or eliminate) the annoying manual tasks of reviewing SSL certificates.

The origin of the SSL certificate dates all the way back to the dark ages of the web. Back in the heady days of 1995, with its dial-up and Netscape, the internet had a problem; it was a decentralized, trust-free network where everybody could get online and share information. Of course, it didn’t stay that way; it became a digital commerce powerhouse (on which we now rely).

There are still a small handful of use cases for paid certificates, such as difficult-to-update systems.

Cryptography tried to create trust on the web, except cryptography only secured connections between surfer and server. It made connections impervious to snooping, but it didn’t actually guarantee that a surfer connected to the website they intended to visit.

Enter the SSL: a pure digital signature proclaiming the identity of a site operator. By itself, all it provides is proof that the server that a user is connected to is under the same control as the owner of the SSL certificate.

In the beginning, authorizing an SSL certificate meant an audit by an independent SSL auditing firm, which would attest to the physical person behind a site, their city and country, their business incorporation, and so on. It was a good (great) time for auditors since they would charge thousands of dollars for a single certificate. There’s a reason big sites were the only ones using SSLs at the time.

Time went on until the domain validation SSL was born; it proves that the website you’re visiting is really in the domain owner’s control. This validation is easy, because when the SSL is issued, all the site owner needs to prove is ownership of the domain name. This process is fast and a computer can do the actual validation with little or no human interaction. As a result, the big SSL providers dropped their prices to near zero because of the savings from automating the process … haha, no they didn’t! In fact, they charged almost as much for DV SSL certificates as they had been, and pocketed the profits

Into the 2010s, SSL certificates remained annoyingly expensive. Some vendors tried to make more expensive “extended validation” SSLs that would turn the browser bar green. These were supported for a few years, but the browser vendors wised up, and EV SSLs are completely worthless now. Seriously, if you still have an extended validation SSL, it’s time to drop it.

Then, 2014 came along and a few things happened. First, Disney released “Frozen,” and the song “Let It Go.” Despite the common misconception, this song was not about a magical princess, but rather an instruction to site owners paying for SSL certificates: let it go. Also, after years of lobbying by the Electronic Frontier Foundation and Mozilla (the makers of Firefox), the board that sets the standard for SSLs finally approved “Let’s Encrypt,” a totally free certificate authority that would issue an SSL on demand ... for free!

Oh, and Google added SSL to its ranking algorithm, which probably had nothing to do with website operators adopting SSL en masse…

When Let’s Encrypt launched, not all modern browsers supported it (and no older browsers did). Also, to appease the existing SSL providers, they could not issue wildcard SSL certificates (where one certificate covers a.example.com and b.example.com). Even worse, their certificates were limited to 90 days of validity, so you had to renew the certificate periodically, which was not an easy process at the time. The big SSL vendors spread quite a bit of doubt and blog posts decrying the alleged security failings of Let’s Encrypt certificates.

Nonetheless, nothing beats free. Let’s Encrypt quickly became a roaring success, taking up a significant percentage of all SSL certificates issued and became the de-facto standard for issuing SSL certificates. Today, the free ecosystem has matured.

Several other entrants now provide SSLs for free, and the vast majority of websites no longer have to pay for an SSL. Browser support for these free certificates is excellent, meaning they work everywhere, and remember that 90-day duration? It turns out that’s been great for security, creating a whole ecosystem of software that updates security keys regularly (instead of letting them rot for years at a time). Best of all, wildcard certificates are now supported by many free SSL providers.

There are still a small handful of use cases for paid certificates, such as difficult-to-update systems (and where a longer SSL is beneficial), but these are very rare, and the prices for such paid certs are now no more than a few dollars.

Before, any certificate authority could issue certificates for your site. That included shady offshore organizations and even authorities owned by repressive governments. Any of these “authorities” could issue a certificate for your site and use it to intercept your users. To end this abuse, a new DNS record was added, called the Certification Authority Authorization.

The CAA DNS record allows a site operator to publish a list of authorities who may issue their site certificates. If some other provider tries to issue a fraudulent certificate, it is immediately apparent, and the major browsers should not accept the certificate. By deciding on what certificate issuers you’ll use and then publishing a CAA record, you can significantly reduce the possibility of a fraudulent SSL. Many SSL providers are moving towards making the CAA record a requirement in the future.

So if you’re still paying for SSL certificates or you haven’t set up CAA records to protect your site, what are you waiting for? The future is now. Protect your site and save some dollars by taking advantage of a true public good on the internet.

Brad Mitchell is the founder of XBIZ Award-winning adult web hosting company MojoHost, the trusted choice for tens of thousands of sites. Known for his dapper style and charismatic wit, Mitchell is a regular fixture at trade shows, where he frequently shares hard-won wisdom while striking profitable deals. He believes in earning his client’s loyalty because “That’s Good Mojo.” And if you need help with SSLs, he’s your man.

Related:  

Copyright © 2024 Adnet Media. All Rights Reserved. XBIZ is a trademark of Adnet Media.
Reproduction in whole or in part in any form or medium without express written permission is prohibited.

More Articles

profile

WIA Profile: Patricia Ucros

Born in Bogota, Colombia, Ucros graduated from college with a degree in education. She spent three years teaching third grade, which she enjoyed a lot, before heeding her father’s advice and moving to South Florida.

Women In Adult ·
opinion

Creating Payment Redundancies to Maximize Payout Uptime

During the global CrowdStrike outage that took place toward the end of July, a flawed software update brought air travel and electronic commerce to a grinding halt worldwide. This dramatically underscores the importance of having a backup plan in place for critical infrastructure.

Jonathan Corona ·
opinion

The Need for Minimal Friction in Age Verification Technology

In the adult sector, robust age assurance, comprised of age verification and age estimation methods, is critical to ensuring legal compliance with ever-evolving regulations, safeguarding minors from inappropriate content and protecting the privacy of adults wishing to view adult content.

Gavin Worrall ·
opinion

Account-to-Account Payments: The New Banking Disruptor?

So much of our industry relies upon Visa and Mastercard to support consumer payments — and with that reliance comes increased scrutiny by both brands. From a compliance perspective, the bar keeps getting raised until it feels like we end up spending half our time making sure we are compliant rather than growing our business.

Cathy Beardsley ·
profile

WIA Profile: Samantha Beatrice

Beatrice credits the sex positivity of Montreal for ultimately inspiring her to pursue work in adult entertainment. She had many friends working in the industry, from sex workers to production teams, so it felt like a natural fit and offered an opportunity to apply her marketing and social media savvy to support people she truly believes in and wants to see succeed.

Women In Adult ·
opinion

Understanding the Latest Server Processors

Over the last decade, we mostly stopped talking about CPU performance. Recently, however, there has been a seismic and exciting change in the CPU landscape, due to innovation by a chip company called Advanced Micro Devices (AMD).

Brad Mitchell ·
opinion

User Choice, Privacy and the Importance of Education in AV

As we discussed last month, age verification in the adult sector is critical to ensuring legal compliance with ever-evolving regulations, safeguarding minors from inappropriate content and protecting the privacy of adults wishing to view adult content.

Gavin Worrall ·
opinion

Maintaining Payment Processing Compliance When the Goalpost Keeps Moving

VIRP is the new four-letter word everyone loves to hate. The Visa Integrity Risk Program went into effect last year, and affects several business types — including MCC 5967, which covers adult and anything else with nudity, and MCC 7273, dating services that don’t allow nudity.

Jonathan Corona ·
opinion

Making the Most of Your Sales Opportunities

The compliance road has been full of twists and turns this year. For many, it’s been a companywide effort just to make it across that finish line. Hopefully, most of us can now return our attention to some important things we’ve left on the back burner for months — like driving revenue.

Cathy Beardsley ·
profile

YourPaysitePartner Marks 25-Year Anniversary Amid Indie Content Renaissance

For 25 years, YourPaysitePartner has teamed up with stars and entrepreneurial brands to bring their one-stop-shop adult content dreams to life — and given the indie paysite renaissance of the past few years, the company’s efforts have paid off in spades.

Alejandro Freixes ·
Show More