What is the main difference (maybe as a pro/con list) between buying a custom SSL certificate and getting a free certificate provided by Let's Encrypt? This is all about just having simple HTTPS in our web application.
P.S. I believe you understand what I am trying to do.
Externally, it's usually better to use paid certificates on account of the business authentication they provide. Customers like the assurance of knowing who is behind the websites they're on, and SSL is one way to provide that information.
When it comes to verification, Free SSL certificates do not validate ANYTHING about websites, but just the ownership of the domain. On the other hand, paid SSL certificates verify the BUSINESS IDENTITY of the website before issuing the certificate to the site owner.
Why should I pay for an SSL certificate? The biggest reason to pay for an SSL certificate instead of going with a free version is the liability protection. With a paid certificate, you'll have better liability protection. This means that in the event of a data breach, you are insured based on your warranty level.
Free SSL certificates can definitely do the job in cases where trust is important but not critical, for example, on blogs and other small information sites. Why? They offer the same level of encryption as their paid equivalents and display the padlock symbol in all major browsers.
The main practical difference is to be trusted in all browsers and third-party systems, for example Android, iOS or Windows.
Let's Encrypt has taken this restriction into account and has proposed a solution that you can read on its website: https://letsencrypt.org/certificates/
"Our intermediate is signed by ISRG Root X1. However, since we are a very new certificate authority, ISRG Root X1 is not yet trusted in most browsers. In order to be broadly trusted right away, our intermediate is also cross-signed by another certificate authority, IdenTrust, whose root is already trusted in all major browsers. Specifically, IdenTrust has cross-signed our intermediate using their DST Root CA X3."
That is, in fact, their certificates are signed by a trusted 'usual' CA. So in practice there is no difference.
Take a look at Let's Encrypt's own web certificate: it is signed by DST Root CA X3 (IdenTrust).
I have checked if CA is present in some keystore:
Full list here: https://letsencrypt.org/docs/certificate-compatibility/
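One way to run the keystore check mentioned in the answer above, as an added example that is not part of the original answers: it looks for the two root names from the quoted Let's Encrypt text in a trust store and also reports whether the stored copy has expired. The helper names (`common_name`, `check_roots`, `check_local_store`) and the sample store are constructed for illustration.

```python
import ssl
import time

# Root names taken from the Let's Encrypt text quoted in the answer.
ROOTS_OF_INTEREST = ("ISRG Root X1", "DST Root CA X3")


def common_name(cert):
    """Return the subject commonName of a cert dict in ssl get_ca_certs() format."""
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                return value
    return None


def check_roots(ca_certs, names=ROOTS_OF_INTEREST, now=None):
    """Map each root name to 'missing', 'expired' or 'present'."""
    now = time.time() if now is None else now
    status = {name: "missing" for name in names}
    for cert in ca_certs:
        cn = common_name(cert)
        if cn not in status:
            continue
        expires = ssl.cert_time_to_seconds(cert["notAfter"])
        if expires > now:
            status[cn] = "present"   # at least one unexpired copy in the store
        elif status[cn] == "missing":
            status[cn] = "expired"   # found, but only an expired copy so far
    return status


# Constructed sample entries (not read from a real keystore), in the same
# shape that SSLContext.get_ca_certs() returns.
SAMPLE_STORE = [
    {"subject": ((("countryName", "US"),),
                 (("organizationName", "Internet Security Research Group"),),
                 (("commonName", "ISRG Root X1"),)),
     "notAfter": "Jun  4 11:04:38 2035 GMT"},
    {"subject": ((("organizationName", "Example Org"),),
                 (("commonName", "Example Stale Root"),)),
     "notAfter": "Jan  1 00:00:00 2020 GMT"},
]


def check_local_store():
    """Run the check against this machine's default trust store."""
    # Note: roots loaded lazily from a CA directory (capath) are not listed
    # by get_ca_certs() until they have been used in a handshake.
    return check_roots(ssl.create_default_context().get_ca_certs())


if __name__ == "__main__":
    print(check_local_store())
```

A root reported as "missing" or "expired" on a client platform means chains that end at that root will not validate there, which is the compatibility question the linked list covers.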