Can I Use a Free SSL Certificate for my HTTPs Pages?

how long can i self certificate for

By Jennifer Kyrnin. Web Design & HTML Expert

Question: Can I Use a Free SSL Certificate for my HTTPs Pages?

Most Certificate Authorities (CA) charge a lot of money to verify your company to use an SSL certificate. So it can be very tempting to use a self-signed, free certificate for your https server. But is that okay?

But there are some problems with doing this:

Web Browser Warning Messages

When a customer comes to your website that is secured with a self-signed or free SSL certificate, most Web browsers will post a scary error message like the one displayed here. While some people will click past this message, install the certificate and go to your site, most will click the "Get me out of here!" button and never come back.

Security Risks

The other, more serious problem is that if you have an self-signed certificate on your server and somehow your site is hacked, that server is now compromised even though it apears secure.

Customers who ignored the error message above would then be even more vulnerable because they would believe they were secure.

When to Pay for an SSL Certificate

There are a few situations when paying for an SSL certificate is just the cost of doing business, including:

  • ecommerce

All ecommerce sites must have a signed SSL certificate if they expect customers to enter their credit card information. You can get around this if you use a company like Paypal to handle your transactions. Then the purchasing process is handled on their secure server .

Continue Reading Below

  • collecting private information
If your website needs to collect private or sensitive information like addresses or social security numbers then you should collect that information on a secure server with a signed SSL certificate. Otherwise, you are asking your customers to send private and sensitive information over the Internet in clear text, which can easily be hacked and used for identity theft.
  • sites that are expected to be secure

    If you are running a site for a security conscious community such as an Internet security services company, then if you do not have a signed SSL certificate your site will not look secure, and your customers will not believe what you're providing.

  • When a Self-Signed SSL Certificate is Okay

    The only time a self-signed cerificate should be used is for testing behind a firewall. Such as your desktop computer that is behind a software or hardware firewall on your home network.


    Category: Insurance

    Similar articles: