Why does ssl cost money

Now you can easily make the right choice for your business depending on your budget and requirements. So, why to wait now? Grab the opportunity and purchase the right certificate as soon as possible from ClickSSL. You and your visitors will start reaping the benefits of this decision immediately!

SSL certificate cost depends on your web security requirement. Here we are explaining how much does an SSL certificate cost to secure your website. Types of SSL Certificates SSL certificates are divided into 6 different categories based on two criteria: the number of domains and subdomains they can protect, and the kind of validation process involved in getting them.

Single Domain SSL Certificate As per their name, these certificates protect only a single domain and subdomain in its hierarchy. Buy Now. Posted by ClickSSL. Share on Facebook Share on Twitter. We Assure to Serve. Compare Close. We use cookies to optimize site functionality and give you the best possible experience. Learn more about cookies policy. Choosing the correct SSL Secure Socket Layer certificate is crucial for all website owners — whether you own a blog or an eCommerce platform.

But there are so many SSL certificates to choose from. How do you choose the best SSL certificate and certificate authority for your website? The choice may very well depend on the cost of the SSL certificate. Domain Validated are the most basic SSL certificates with the lowest level of assurance. They are usually issued within minutes and you only need to verify that you own the domain. It is also suitable for companies that want to maintain tight control over who employees, contractors, etc.

Extended Validated certificates provide the highest level of trust and assurance. These are the most expensive and you need to verify your domain ownership along with your personal and organizational information. EV certificates are perfect for eCommerce platform owners. Your customers are far more likely to provide their payment or address details if you have the green padlock sign in your browser.

Joe Bloggs Ltd putting an EV certificate on their website does absolutely nothing to fix the problems I've mentioned above. To provide security, you need an indicator when the site isn't genuine; e.

I have to be able to say "the EV is missing or wrong, so I will not use this site". But right now, I can't do that. Show 4 more comments. Let's start with the cynical view: Certificate Authorities are for-profit companies, so they will charge as much as they are able to get away with!

Domain-Validated DV Certificates For a basic DV cert which, makes your browser address bar look like this: the costs are very low - basically the CA just needs to confirm that the person requesting the cert had control of the server at the time of request.

Extended Validation EV Certificates If you want the high-end certs that include your verified company name and country in which it is registered to appear in the browser like this: then there is significantly more cost to the CA. Why a recurring fee? OCSP servers There are also server costs for maintaining a cert, mainly the costs of OCSP , which requires the CA to maintain high-bandwidth, low-latency, zero-downtime servers for responding to revocation checks on each cert they issued.

Mike Ounsworth Mike Ounsworth This explains why CAs charge money, but not really why that money is a recurring fee. It's a recurring fee because it's a recurring process, and it's a recurring process for security reasons, not financial ones. Everything you say in this answer would apply to a certificate with an expiry date 50 years in the future, or with no expiry date at all, if clients would honour such a thing.

Sometimes you pay to avoid becoming headline news. The reason why it is a recurring process is because validating trust which is the model certificates are based on must be done periodically therefore by design certificates must expire and be re-issued.

It's a security decision based on the security model the whole system was designed around — slebetman. PlasmaHH If there was no other reason for short certificates than making money, free CAs like Let's Encrypt would issue year certificates, because it would be cheaper for them to operate the service.

They don't, because the certificate expiry is there for security reasons not just as a money-making exercise. Show 6 more comments. During the lifetime of the certificate, the CA must be able to revoke it, that means: maintaining the list of revoked certificates CRL responding to clients asking for the revocation status OCSP.

So as long as the certificate is valid, the certificate "cost" something to the CA. Community Bot 1. Tom Tom 2, 11 11 silver badges 19 19 bronze badges. Thinking about it, I don't think this adds up. The cost to respond to OCSP queries is proportional only to the number of currently non-expired certificates. If you are the issuer for a domain for 10 years, you will hold 1 record at a time for that domain, whether that's a single year record, or 10 consecutive 1-year records, or consecutive 1-month records.

The only marginal costs I can see are a slightly longer revocation list containing revocations from longer ago , and maintaining records for customers who would have let renewal lapse; neither seems likely to be that high. IMSoP CAs only need to supply revocation information for currently-valid certificates; expired certificates are expected to be untrusted by default.

However, they do need to supply revocation information for currently-valid certs. So if a CA issues a single certificate for one year or ten years they need to supply revocation data for that period of time. If a CA issues certificates valid for ten years, then by consequence it needs to serve ten times as much revocation data, and handle ten times as many requests for revocation data, than if it issued certificates valid only for one year.

At any given moment, the volume of revocation requests is proportional to the number of currently valid certificates, regardless of how long those certificates are valid for. The only extra certificates would be customers who are "locked in" by the longer expiry, who would otherwise not have renewed.

OK, I think I get what you're saying now: the CA has to set some lifetime, because they have to account for running costs over that lifetime.

They could issue a year certificate for 10 times the price of a 1-year certificate if there were no security reasons not to do so , but they wouldn't know what to charge for an open-ended certificate, because they would have no idea how many years they'd have to maintain it for. Although note that some of the costs in your edit would be lower for longer or unlimited lifetimes, e. Show 1 more comment. Jeremy Shiklov Jeremy Shiklov 17 1 1 bronze badge.

Thank you for your comment, although I still think it's good to have a short on-the-mark answer. We try to encourage answers here to be unique and standalone.