Answer the question
In order to leave comments, you need to log in
When do I need paid SSL certificates?
Previously, all SSL certificates were paid. If you want HTTPS, pay for a certificate. Now there is a free Let's encrypt. But at the same time, there are also paid certificates. Yes, it is issued for only 3 months, but it is perfectly updated with scripts. Question - what is the advantage of paid certificates now, what are the limitations of Let's encrypt? Why buy them when you can use them for free? Is it just a matter of "prestige"?
Interested in relation to WEB. I know about their restrictions for IKE authorization.
Answer the question
In order to leave comments, you need to log in
Technically, in general, all certificates are the same :) These are just private and public keys for encryption-decryption, the difference between them is solely in trust to the publisher.
- Local certificates. Issued by a corporate CA, trust to which is absolutely within the office and equal to zero outside it, trust arises only if two offices exchange root certificates (but I am not aware of such cases). They are released for free, put by responsible persons, sometimes you know exactly who is responsible for the release.
- L.E. They are published free of charge by CA, for three months, they require setting up update scripts. The trust is minimal because only proof of ownership of the domain is needed to validate the right to issue a certificate. Nevertheless, they are widely used - for debugging, testing, for personal sites, for everyone who does not care too much about their reputation and does not worry about the possibility of replacing a certificate. For example, for a personal site, a blog, for a site with low traffic, LE is the best choice.
(JFYI: I will never buy anything from an online store with an LE certificate - a person who did not find a couple of thousand in the budget for a DV certificate is a parody of a businessman or just a scam)
- DV from a well-known CA. They are published for a fee, for little money (from several hundred to several thousand rubles), usually for a year. Trust is slightly higher, although they are usually issued by automatic machines, for issuance it is enough to confirm the ownership of the domain. The scope of application is almost the same, plus small online stores, mass media, personal sites of popular people (since DV is issued to physics), organization sites.
- OV from a well-known CA. They are published for a fee, for more money (from several thousand to several tens of thousands), usually for a year. Trust is noticeably higher than in DV, because they are not published automatically, but only after manual verification - CA independently finds a contact number from third sources (which is why it is recommended to provide a link to 2gis, Yellow Pages, etc. when forming an application) and does the reverse control call. Some CAs (but not all) have Russian-speaking staff. They also ask for basic documents confirming the registration of the organization. It is quite difficult to work with CA abroad, it is best to find a proxy company in the Russian Federation (for example, Yaroslavl EMARO) - they will provide all accounting documents according to Russian standards. Scope of application - media, online stores, mail servers (for example, we order for OWA)
- EV from the well-known CA. They are published for a fee, for decent money (tens of thousands), usually for a year. The highest degree of trust, the longest and most difficult verification. Scope of application - banks, large online stores, large media, in general, everything "big".
Extended Validation (doubtful), generation for intranets, and wildcard certificates for domains that cannot be written to via the API.
It's about verification. Letsencrypt verifies that you have DNS access to the domain or server.
Simple DV paid is the same.
Makes sense when verifying an organization.
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question