By Jennifer Kyrnin. Web Design & HTML Expert
Question: Can I Use a Free SSL Certificate for my HTTPs Pages?
Most Certificate Authorities (CA) charge a lot of money to verify your company to use an SSL certificate. So it can be very tempting to use a self-signed, free certificate for your https server. But is that okay?
But there are some problems with doing this:
Web Browser Warning Messages
When a customer comes to your website that is secured with a self-signed or free SSL certificate, most Web browsers will post a scary error message like the one displayed here. While some people will click past this message, install the certificate and go to your site, most will click the "Get me out of here!" button and never come back.
The other, more serious problem is that if you have an self-signed certificate on your server and somehow your site is hacked, that server is now compromised even though it apears secure.
Customers who ignored the error message above would then be even more vulnerable because they would believe they were secure.
When to Pay for an SSL Certificate
There are a few situations when paying for an SSL certificate is just the cost of doing business, including:
All ecommerce sites must have a signed SSL certificate if they expect customers to enter their credit card information. You can get around this if you use a company like Paypal to handle your transactions. Then the purchasing process is handled on their secure server .
Continue Reading Below
- collecting private information
If you are running a site for a security conscious community such as an Internet security services company, then if you do not have a signed SSL certificate your site will not look secure, and your customers will not believe what you're providing.
When a Self-Signed SSL Certificate is Okay
The only time a self-signed cerificate should be used is for testing behind a firewall. Such as your desktop computer that is behind a software or hardware firewall on your home network.