Digital certificates
WebDev, 2020-03-04 10:45:35

How is letsencrypt worse than paid certificates?

Please tell me, what is the point of buying a paid certificate if you can use a free one?
Is the data encrypted the same way? Is there a difference in security? Then why do people keep buying certificates?


8 answer(s)
Mikhail, 2020-03-04
@RuComMarket

Let's Encrypt is exactly the same certificate as paid ones (except for reinforced ones).
The certificates from this issuer are not actually issued for free. In short, some big players from companies such as Cisco, Mozilla, Google and others got together and decided to move sites to HTTPS, to the secure protocol. If they had simply told people that HTTP sites would now be blocked in browsers (and that is what they wanted to do), people would have told Google, Mozilla and the other browsers doing this where to go, company shares would have sunk, and they would have lost a lot of money. But there is a way out: invest in one of the companies that will issue certificates for free. The lot fell on the ISRG; they agreed that they would pay this company, which in turn would issue certificates for free, and that is what is happening now.
Paid certificates used to be issued by many companies. Under these circumstances, those companies simply kept their ability to issue certificates for money, because nobody pays them for handing out freebies, and people who do not know that there is no difference buy them.
Enhanced certificates can only be bought, and only by organizations or individual entrepreneurs, but in fact they are used only by payment systems, on the server where payments are made; in other cases they are not used, because it's a waste of the company's money.

Antonio Solo, 2020-03-04
@solotony

In most cases, they buy because they don’t know / don’t know how to install a free one.
And yes, there are 3 levels: DV (domain), OV (organization), CV (extended).
In some cases (banks, payment systems) OV or CV may be required.

CityCat4, 2020-03-04
@CityCat4

The data is encrypted in the same way, but LE is a "poor man's solution". That is, you want to encrypt the site but are too stingy to pay for a certificate, so you go and get one. For three months, then again. And again... LE only issues certificates for three months.
There are several types of certificates. In addition to DV (Domain Validated, the simplest automatic check), which is the only kind LE issues, there is also OV (Organization Validated, a more advanced check: a mandatory callback, contact with the person responsible for issuing them in the organization, checking office documents, etc.) and EV (Extended Validated, I don't know how). LE does not issue such. Yes, the encryption is the same, but the level of trust is different. And the whole certificate business is actually based on trust. That is, we all trust the fact that if Thawte, Comodo, GeoTrust, etc. said that "this is Vasya Pupkin's office", then we believe that it is so.
Why do people buy OV/EV? There are several reasons:
- LE issues only a limited set of certificates - in fact, there are many more than just a DV-certificate to protect one site work on a crumpled "bug" - and here reputational losses can suddenly turn into financial ones
- Sometimes you need a certificate from a certain CA
- Showing off. Just showing off. EV certificates are expensive enough to underline "eliteness". You don't ask why people buy iPhones when there is Xiaomi, or why people get "VIP" number plates on cars. It's the same here.
For a site where two and a half people go, of course there is no difference, and the certificate from LE will work just as well as one from GeoTrust. For banks, large stores (especially those associated with what is called "excesses"), any sites related to the circulation of money, or at least "wrappers" (for example, upwork.com has an EV certificate from DigiCert), there can be a significant difference.

Vladimir Korotenko, 2020-03-04
@firedragon

It is difficult to set up a wildcard; with my provider it is impossible.
EV is paid only.
For some organizations, certificates issued by a specific center are required.

ky0, 2020-03-04
@ky0

Is the data encrypted the same way? Is there a difference in security? Then why do people keep buying certificates?

The data is encrypted in the same way, there is no difference in security.
In other words, all the fuss about "more reliable EV certificates", etc. is purely organizational and not technical in nature. The fact that someone there requires a certain certificate to accept payments on the site is a bureaucratic atavism; the user's security does not depend on it.
PS - The danger of phishing, anticipating the scams, is not related to the type of certificate, but to the user's inattention and malware on the end device.

Sanes, 2020-03-04
@Sanes

The only difference is the level of trust. A self-signed certificate encrypts in the same way, but browsers will complain. And the trusted ones have different levels of verification. Some types simply check the fact of domain management (DV), others check the documents of legal entities.

Nikita, 2020-03-04
@jkotkot

There is a difference. It can only be used for sites where there is no acceptance of payments and work with money (about the second, not exactly).
That is, for a home page or a blog, you can, but if you start accepting payments there, then you already need to buy a normal certificate.
Well, and the expiration date, although this is a minor problem and you can configure automatic updates.

Winseven, 2021-02-01
@Winseven

The question of security is the question of where the private key is generated and who can have it?! The security of your information depends on it!
