Free HTTPS Security Certificates

Have you ever visited a web-site that your web-browser warned you about as being potentially insecure? When you visit your online banking, do you double-check the address-bar in your web-browser to verify that the spelling is correct and that you have https:// at the beginning and/or a picture of a lock? These are good ideas that help you to avoid becoming the victim of cyber-crime.

So what's it all about?:

When you use http:// in a web-address, information sent and received is normally "in the clear," meaning that your Internet service provider ("ISP") and the web-site's ISP and anyone in-between that handles the information are able to intrude on the privacy of your experience. If you're browsing pictures of cats, perhaps you wouldn't mind. If you're typing in your online banking password, perhaps you would. Because of the privacy concerns of HTTP, using HTTPS is important to better the privacy of your web-browsing.

You might have noticed some HTTPS web-sites that your web-browser warns you about. There are a variety of reasons and warnings which you can certainly read, right when you first notice the warning. Here are a few possibilities:

• A malicious person is trying to steal your sensitive information. Oh no!
  
• A web-site hasn't renewed their so-called HTTPS "certificate" and it has expired.
  
• A web-site's HTTPS certificate is authorized by an authority that your web-browser doesn't trust.
  
• A web-site hasn't purchased an HTTPS certificate and is using a "self-signed" one. It's unlikely that your web-browser trusts them as an authority for authorizing certificates, including their own.
  
• Your web-browser or computer's operating system is somewhat old and doesn't understand some of the newer technology involved in newer certificates.
  

How do web-sites obtain HTTPS certificates and avoid their visitors receiving warnings from their web-browsers?:

Traditionally, the process has been for a web-site operator to approach one of many vendors for such a certificate. This can involve the vendor validating that the claimant really is the operator of the web-site. In fact, there are different "levels" of validation, including:

1. Domain validation ("DV")
   
2. Organization validation ("OV")
   
3. Extended validation ("EV")
   

Put simply, the larger the number of the level, the more extensive the validation. The more extensive the validation, the greater the expected "trust" from web-site visitors. Because there is expected to be more overhead for more extensive validation and because greater trust has greater perceived value, there is a market for these varying levels with the EV level usually costing quite a bit!

Not everyone can afford one of the levels shown above and not everyone needs one of those levels. The Let's Encrypt project can help web-site operators in this position. HTTPS certificates issued via the Let's Encrypt project do not cost money, but potentially have a greater trust-level than self-signed certificates do.

If you have a web-site hosted with Synthetel, a single, free HTTPS certificate via the Let's Encrypt project can be arranged for you; simply ask and it will be a pleasure to add that value to your web-site!