This content is from freessl.com



What is SSL?

The SSL (Secure Sockets Layer) protocol, together with TLS, is the Web standard for encrypting communications between users and e-commerce sites. Data sent via an SSL connection is protected by encryption, a mechanism that prevents eavesdropping and tampering with any transmitted data. SSL provides businesses and consumers with the confidence that private data sent to a Web site, such as credit card numbers, is kept confidential. Web server certificates are required to initialize an SSL session.

Customers know they have an SSL session with a website when their browser displays the little gold padlock and the address bar begins with https rather than http. SSL certificates can be used on webservers for Internet security and on mailservers (IMAP, POP3 and SMTP) for securing mail collection and sending.


What is a chained root SSL Certificate?

When connecting to a webserver over SSL, the visitor's browser decides whether or not to trust the website's SSL certificate based on which Certification Authority has issued the actual SSL certificate. To determine this, the browser looks at its list of trusted issuing authorities - represented by a collection of Trusted Root CA certificates added into the browser by the browser vendor.

Most SSL certificates are issued by CAs who own and use their own Trusted Root CA certificates, such as those issued by GeoTrust. As GeoTrust is known to browser vendors as a trusted issuing authority, its Trusted Root CA certificate has already been added to all popular browsers, and hence is already trusted. These SSL certificates are known as "single root" SSL certificates. FreeSSL.com, a subsidiary of GeoTrust, also owns the UTN root used to issue FreeSSL certificates.

Some Certification Authorities, like Comodo, do not have a Trusted Root CA certificate present in browsers, therefore they need a "chained root" in order for their certificates to be trusted - essentially a CA with a Trusted Root CA certificate issues a "chained" certificate which "inherits" the browser recognition of the Trusted Root CA. These SSL certificates are known as "chained root" SSL certificates.

For a Certification Authority to have its own Trusted Root CA certificate already present in browsers is a clear sign that they are long-time, stable and credible organizations who have long term relationships with the browser vendors for the inclusion of their Trusted Root CA certificates. For this reason, such CAs are seen as being considerably more credible and stable than chained root certificate providers who do not have a direct relationship with the browser vendors.

You can view the Certification Authorities who have their own root certificates by viewing the list in your browser.

Chained root certificates require additional effort to install as the webserver must also have the chained root installed. This is not necessary for single root certificates.
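
The extra installation step exists because a browser that trusts only the root cannot link the server certificate to it unless the chained CA certificate is supplied as well. The following is an added example, not part of the original FAQ: it builds a constructed three-certificate hierarchy with the openssl command line and verifies the server certificate with and without the chained certificate. All names, subjects and file paths are made up for the demo.

```shell
#!/bin/sh
# Constructed demo PKI: every key, name and certificate is generated locally.
# A "chained root" server certificate verifies only when the chained
# (intermediate) CA certificate is supplied along with it.

# make_demo_pki DIR: build root CA -> chained CA -> server certificate in DIR.
make_demo_pki() {
    dir=$1
    mkdir -p "$dir" || return 1
    # Extensions that mark the chained certificate as a CA certificate.
    printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' \
        > "$dir/ca.ext"
    # 1. Self-signed root: stands in for a Trusted Root CA shipped in the browser.
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=Demo Trusted Root" \
        -keyout "$dir/root.key" -out "$dir/root.pem" 2>/dev/null || return 1
    # 2. Chained CA: its certificate is issued by the root.
    openssl req -newkey rsa:2048 -nodes -subj "/CN=Demo Chained CA" \
        -keyout "$dir/chain.key" -out "$dir/chain.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$dir/chain.csr" -CA "$dir/root.pem" -CAkey "$dir/root.key" \
        -CAcreateserial -days 30 -extfile "$dir/ca.ext" -out "$dir/chain.pem" \
        2>/dev/null || return 1
    # 3. Server certificate: issued by the chained CA, not by the root.
    openssl req -newkey rsa:2048 -nodes -subj "/CN=www.example.test" \
        -keyout "$dir/server.key" -out "$dir/server.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$dir/server.csr" -CA "$dir/chain.pem" -CAkey "$dir/chain.key" \
        -CAcreateserial -days 30 -out "$dir/server.pem" 2>/dev/null || return 1
}

# Client trusts only the root; the server presented only its own certificate.
verify_without_chain() {
    openssl verify -CAfile "$1/root.pem" "$1/server.pem" >/dev/null 2>&1
}

# Same client; the server also presents the chained CA certificate.
verify_with_chain() {
    openssl verify -CAfile "$1/root.pem" -untrusted "$1/chain.pem" \
        "$1/server.pem" >/dev/null 2>&1
}

demo_dir=$(mktemp -d) && make_demo_pki "$demo_dir" || exit 1
verify_without_chain "$demo_dir" && echo "server cert alone: trusted" \
    || echo "server cert alone: NOT trusted"
verify_with_chain "$demo_dir" && echo "server cert + chained CA: trusted" \
    || echo "server cert + chained CA: NOT trusted"
rm -rf "$demo_dir"
```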

Both FreeSSL.com's ChainedSSL product and Comodo's InstantSSL product are chained root certificates. However FreeSSL.com own the trusted CA root used to issue ChainedSSL and are therefore the only stable chained root provider. Comodo do not own the Baltimore root used to issue InstantSSL certificates and therefore cannot offer the stability of ChainedSSL.

Like chained root certificates in general, FreeSSL.com's ChainedSSL chained root certificates are ideal for low value, low volume commercial sites. At only $49 per certificate, ChainedSSL is the only stable low cost chained root certificate available in the industry! Other chained root providers such as Comodo retail their chained root certificates in excess of $49.


Why is stability important for chained root SSL certificates?

Like FreeSSL certificates, ChainedSSL certificates are issued from a trusted CA root certificate that is owned by FreeSSL.com. Some chained root certificate providers, such as Comodo InstantSSL, do not own their own trusted root, which means that their chained root offerings are unstable. They rely on the trusted root certificate owner to allow them to issue certificates and have no control over what the owner of the certificate does with the certificate, as was recently shown when Baltimore decided to sell the root certificate. The only way to offer a stable chained root product is to own the root being used to issue the chained root certificates.


What is ChainedSSL?

ChainedSSL is a chained root web server certificate that allows web sites to conduct secure e-commerce with an encrypted SSL connection and is ideal for low volume, low transaction value websites. ChainedSSL lowers the barrier of entry for companies that want chained root SSL security by providing immediately issued certificates at the lowest cost available.


What is FreeSSL?

FreeSSL Certificates uniquely enable businesses to obtain low cost, 1 year, fully functional and trusted SSL certificates and are ideal for websites conducting light levels of e-commerce. FreeSSL.com owns the root used to issue the certificates and installation is therefore very straightforward.

FreeSSL used to be issued completely free of charge. However as we own the root used to issue FreeSSL and the browser recognition has increased over time, we have needed to introduce a charge for the FreeSSL product. As the brand name is now widely known we have decided to keep the FreeSSL name.


What do you consider low volume, low transaction?

If you have a low volume website and you decide that your customers' confidence is not affected at all by the brand behind the SSL certificate, or that the number of customers who would have an issue is insignificant, then ChainedSSL or FreeSSL is the perfect answer.

It is all about customer confidence. Whilst ChainedSSL and FreeSSL technology is production grade, only you can really determine whether your customers' confidence will improve significantly if you purchase an established brand like GeoTrust.


What browser versions are compatible with ChainedSSL and FreeSSL?

ChainedSSL Certificates are compatible with Internet Explorer 5.01+ and Netscape 7+. ChainedSSL certificates use chaining technology and require the webserver to be SSL v3 or above compatible, which is the majority of all popular webservers.

Why are you providing ChainedSSL and FreeSSL secure server certificates?

By providing ChainedSSL certificates, we are lowering the barrier of entry for companies and websites wishing to secure their low volume and low value online transactions and data with the lowest cost chained root certificates available.

By providing FreeSSL certificates, we are lowering the barrier of entry for companies and websites wishing to secure their low volume and low value online transactions and data with the lowest cost single install root certificates available.


How long are the ChainedSSL and FreeSSL certificates valid for?

Both ChainedSSL and FreeSSL certificates are valid for 12 months. When your FreeSSL certificate expires and you wish to renew with us, we will ask you to either renew with a new FreeSSL certificate (for $35) or ChainedSSL certificate (for $49).


How long does it take to issue my Certificate?

If you need an SSL certificate right away, you have options. If you can wait 3-5 days, you can get certificates from established vendors that use slow traditional validation methods. However, immediate issuance certificates use alternate validation methods. Don't necessarily mistake these for inferior certificates. Please review our information on validation to familiarize yourself with standard methods and question your vendors when in doubt.


Is there a limit to the number of FreeSSL or ChainedSSL I can order?

We do not limit the amount of FreeSSL or ChainedSSL certificates that can be ordered. Go ahead and get as many as you need!


What is browser ubiquity or browser recognition?

Browser ubiquity is the term used in the industry to describe the estimated percentage of Internet users that will inherently trust an SSL certificate. The lower the browser ubiquity, the fewer people will trust your certificate. Clearly, if you are operating a commercial site you require as many people as possible to trust your SSL certificate. As a general rule, any SSL certificate with over 95% browser ubiquity is acceptable for a commercial site.

Ubiquity is, however, not the only consideration in deciding whether one SSL certificate is better than another. Many companies running high transaction volume web sites need to maximize customer confidence and therefore buy certificates from well known, long time security vendors, mostly the major players, e.g. GeoTrust and Verisign, who are all WebTrust compliant.

If you have a low volume web site and you decide that your customers' confidence is not affected at all by the brand behind the SSL certificate, or that the number of customers who would have an issue is insignificant, then ChainedSSL or FreeSSL is ideal.


Can I see which Certification Authorities have their own Trusted CA root present in browsers?

Yes. Your browser contains a Trusted CA root certificate store. You can access this by opening Internet Explorer, then go to Tools, select Internet Options, select the Content tab, click Certificates, select the Trusted Root Certification Authorities tab. You will then see a dialog box presenting a list of all Certification Authorities who own their own Trusted CA roots.