Where could I buy a valid SSL certificate? – Stack Overflow

I need to have a valid SSL certificate, by valid I mean not self signed. I don’t want my customers to have to deal with the ‘exception’.

How much does it cost? I’m bit lost because I checked on Verisign and it costs around ~1000$ while I can find others from 30$.

Any ideas? By the way I’m currently located in France, if that matters.

shareimprove this question

closed as off-topic by Artjom B., Dijkgraaf, CRABOLO, Shankar Damodaran, Krumia Jun 19 ’15 at 4:05

This question appears to be off-topic. The users who voted to close gave this specific reason:

  • “Questions asking us to recommend or find a book, tool, software library, tutorial or other off-site resource are off-topic for Stack Overflow as they tend to attract opinionated answers and spam. Instead, describe the problem and what has been done so far to solve it.” – Artjom B., Dijkgraaf, CRABOLO, Shankar Damodaran, Krumia

If this question can be reworded to fit the rules in the help center, please edit the question.

This is an awesome question. While not exactly programming it’s very close to programming. – Jim ThioFeb 21 ’14 at 3:33
@JimThio, Then vote for reopen. – Pacerier Apr 5 ’15 at 10:34
@JimThio It’s nothing like programming, that’s a really odd thing to say. It’s relevant to some programmers, but that’s irrelevant on Stack Overflow. This question should definitely be on one of the other Stack Exchange sites instead, such as Webmasters or Server Fault. – Thor84no Oct 6 ’15 at 11:28
It’s ridiculous that this post was closed! This is one of the major pain points for programmers. – Hajjat Nov 24 ’15 at 15:04
Could a moderator move this to webmasters.stackexchange.com ? – Adam Jun 1 ’16 at 10:40

3 Answers

up vote120down voteaccepted

The value of the certificate comes mostly from the trust of the internet users in the issuer of the certificate. To that end, Verisign is tough to beat. A certificate says to the client that you are who you say you are, and the issuer has verified that to be true.

You can get a free SSL certificate signed, for example, by StartSSL. This is an improvement on self-signed certificates, because your end-users would stop getting warning pop-ups informing them of a suspicious certificate on your end. However, the browser bar is not going to turn green when communicating with your site over https, so this solution is not ideal.

The cheapest SSL certificate that turns the bar green will cost you a few hundred dollars, and you would need to go through a process of proving the identity of your company to the issuer of the certificate by submitting relevant documents.

shareimprove this answer
I just got two certificates from StartSSL today. One shows the lockpad in Safari (the other doesn’t, oddly) and they both turn the bar green in Chrome. Has their trust level changed since this post? – wjl Apr 22 ’14 at 21:27
I loaded up a startssl cert and it worked with chrome, however, in firefox I was getting a “This site is not trusted” message. I realized that you need an intermediate certificate. When installing a startssl cert make sure you follow the steps here: startssl.com/?app=20 (for me I selected nginx) make sure you follow the part about the intermediate cert. Also you can double check cert problems here: sslshopper.com/ssl-checker.html, which helped me a lot. – Chase Roberts Nov 18 ’14 at 20:06
StartSSL certs are MUCH better than self-signed certs because they don’t cause the browser to report security errors. – jcoffland Jan 27 ’15 at 3:25
@dasblinkenlight from a usability standpoint it’s very important that the browser does not popup scary warnings. As to security value, StartCom’s CA certs are in the user’s browser which protects against man-in-the-middle attacks. Self-signed certs are totally open to such attacks. There are lots of vulnerabilities in the SSL infrastructure but certs from a CA that’s shipped with the browser are much more secure. – jcoffland Jan 27 ’15 at 7:39
@dasblinkenlight, Establishing trust is not the core purpose of SSL cert. The core purpose is getting your traffic veritably encrypted by the domain name holder, such that MITMs, ISPs and whatnot can’t sniff your traffic. It has nothing to do with companies. Of course, for tar-and-mortar businesses that don’t live online, “establishing trust” is another thing SSL do. – Pacerier Apr 5 ’15 at 10:39

Let’s Encrypt is a free, automated, and open certificate authority made by the Internet Security Research Group (ISRG). It is sponsored by well-known organisations such as Mozilla, Cisco or Google Chrome. Most modern browsers are compatible.

Let’s Encrypt is in public beta since December 2015, which means everyone can get their certificates for free. The setup will be very easy, you just have to verify that you own the website. Some minutes later, you get your certificate.

There are many clients you can use to install a Let’s Encrypt certificate:

Let’s Encrypt uses the ACME protocol to verify that you control a given domain name and to issue you a certificate. To get a Let’s Encrypt certificate, you’ll need to choose a piece of ACME client software to use. – https://letsencrypt.org/docs/client-options/

Source: Where could I buy a valid SSL certificate? – Stack Overflow

Where could I buy a valid SSL certificate? – Stack Overflow was last modified: July 13th, 2017 by Jovan Stosic