SSL certificates are the central element of the internet’s most widely used system for securely transmitting information between websites and their customers.
In order for a customer to establish a secure connection with a given website, that website must have an SSL certificate. The website owner can purchase one from many different vendors, some of which charge large amounts of money and some of which ask very low rates. What determines an SSL certificate price?
The main cost differentiating factor for an SSL certificate is the level of validation the company issuing the certificate must perform. There are three different levels of validation: low assurance, high assurance, and extended validation.
Low assurance or domain validated certificates are the cheapest types available. When issuing a low assurance SSL certificate, the issuing authority does almost no work to check that you are indeed who you say you are.
Since the certificate only includes the domain name and not your business name, the certification authority only needs to pull the “WHOIS record” for your domain name to verify you’re the legitimate owner. These certificates can be issued instantly and at very low prices. However, they don’t provide a great deal of assurance to your customers.
High assurance certificates are the most widely used SSL certificates. A high assurance SSL certificate contains both your domain name and your business name.
Before issuing one of these certificates, the registrar has to confirm both that you own the domain name and that you have a valid business registration. Issuing such a certificate can only be done manually, so it may take between several hours and several days before the certificate is issued.
Extended validation certificates require the most due diligence from the certifying authority, so they’re the most expensive. These certificates are specifically designed to prevent phishing attacks, making them a favorite tool of very popular websites and banks. When a customer visits a website with an extended validation certificate, their web browser’s address bar lights up green.
To issue an extended validation or EV certificate, the certifying authority checks not just your domain name and business but also your authority to order the certificate.
Specifically, they check that your business exists and is operational, that you match the official records, that you have the exclusive right to use the domain name in question, and that proper authorization has been given to issue the certificate. It may be a few days before these certificates are ready, and they’re by far the most expensive.
SSL certificate price is also determined by the certificate provider that you end up using. The largest and most established CAs charge the most, asking hundreds of dollars per year for a certificate. Other CAs will provide a low assurance certificate for under $20 a year.
The price you pay will be determined by the nature of your business and the purpose to which you want to put the certificate. If you want to keep people from grabbing the passwords of your customers as the data travels over the internet, you can probably use a cheap certificate and get all the security you need.
If you’re asking customers to trust you with their personal financial information — or you anticipate someone trying to impersonate you or your organization — then it’s probably worthwhile to go with a more expensive, more thoroughly validated certificate. These certificates don’t just provide security, they also help demonstrate your business’s legitimacy.
Related Article: List of SSL Certificate Providers