I have spoken to many customers were buying SSL certificates. Most have commissioned Vastspace for the entire process. From my experience, most have the impression that the SSL certificate can be done on the same day.
Whether it is done by yourselves or Vastspace the process is the same. I will explain the entire process, so you will get a better understanding.
A Paid SSL certificate is issued by the certificate authority, not Vastspace. All SSL certificate applied for that domain must be validated and the CSR from the origin must be submitted. The validation methods are; domain-validation, organization validation and extended validation. Each validation process is conducted by the CA. DV, domain validation has a shorter process. The ‘owner’ of the domain must approve that he or she has applied an SSL certificate for that domain.
Once CA has satisfied, they will issue the SSL certificate. This process is the fastest but it has lower insured value because it is domain validated. How soon? It depends on how soon the owner can approve for the DCV email sent to him or her.
I have seen DV SSL certificate took more than a month or even cancelled after the CSR was submitted. OV will validate the organization applied and buying the SSL certificate. The CA will print the organization name on the OV validated SSL certificate.
EV SSL certificate verification is the most extensive. The verification comprises the DV, OV and callback to verify the real person behind the business. Business telephone number published on the authorised websites will be used.
The EV SSL verification is very long-winded if the organization is not prepared for the process. Handled by an inexperienced sales guy can delay the entire process. Thus, I recommend asking and check with the vendor before you are buying an SSL certificate, especially for the EV SSL certificate.
Here is the link to understand more about different types of SSL certificates.
Why do some go for a paid SSL while you can an SSL certificate for free?
There is no difference in encryption if you are using a free SSL certificate, they are the same in terms of functionality. However, some would still prefer a paid SSL certificate.
There are a few reasons why you would go for a paid SSL;
- Re-issue – mostly unlimited from most CA. However, there is a limit or delay to get an SSL issued as the process is automatic for end users. The waiting time for the next cycle is no for someone to run an online business.
- The validity of the free SSL certificate is shorter, you definitely can not get past the 12 months duration,
- Limited to DV (domain validated), if you are looking for OV or EV, it is only available to a paid SSL certificate.
- There is no insurance value on a free SSL certificate.
- Support provided by CA, you might get support still for the free one but it is definitely taking longer.
- Reputation, if I’m running an online business. I will want my SSL certificate signed by a reputable CA and recognized by my visitors. Not likely with the free SSL, especially for the EV SSL.