“Free and Professional” not a contradiction


Free stuff is many times accompanied with a bad taste in common public opinion. As a rare exception, the open source software movement however has successfully disproved this impression during the last decade. Today major firms are involved in this open and free stuff, from IBM, Sun, HP and Novell - not to mention Red Hat, which is one of the most successful open source vendors. Different business models and benefits are tied to open source, making free an advantage for these players, sometimes for many different reasons.

Enter digital certificates. They are an important part of the Internet for identification and e-commerce. They used to cost, in the not so distant past, up to hundreds of US$ per certificate and year, making security for web site owners often expensive. During the dot com bubble, companies were willing to shelf out almost any amount in order to perform trade on the Internet. This however had a negative effect on the adoption of digital certificate by the masses, since many couldn’t always afford them. Specially geeks (developers) and open source fans snubbed the certificates from commercial certification authorities and looked ever since for different solutions. Self-signed certificates being one of them, which deflated the purpose of digital certification tremendously (I call that the “warning-popup-click-away-effect“). As a result most browser vendors are left with no choice but to take action against them today, discouraging its use almost forcefully.

Luckily StartCom provides digital certification for many purposes - free of charge - to anybody adhering to the terms and certification policy, being it for web sites, mail servers or email accounts. This includes all low-assurance (Class 1) certificates offered. “But can this be any good if it’s for free“, one might ask according to the general opinion about free offers. “Where is the catch?”

The easiest answer is by quoting from the StartCom CA web site: “By applying a completely different and new business model compared to traditional certification authorities, we are able to prove here, that digital certificates can cost much less or may be even free of charge!

The commercial aspects aren’t a criteria for certification authorities. The cost of certification is almost irrelevant to the operations of such an authority, what matters are the policies and practices which govern them. Even support and professionalism doesn’t and mustn’t suffer either. To prove my point let me quote from an interesting article* I came across recently, which explains how to secure an Exchange server, also called Outlook Web Access (OWA), with the free certificates:

…I feel it’s better than using my own CA for certificate generation. The fact that many of the leading Web browsers are recognizing StartCom as a valid root CA gives me confidence in their credibility and commitment to security. Just because a StartCom certificate is free, it does not mean that they hand them out willy-nilly — my certificate request was actually frozen, and I was contacted by a StartCom employee to verify my identity and reason for requesting a certificate. I was quite impressed by the speed of this process; the e-mail I received said I would be contacted within six hours but I received contact and had my certificate ready within 30 minutes.

This shows that the costs of a service or product don’t have any meaning about its quality. Free and professional services don’t have to be a contradiction. Support is a matter of policy and efficiency by the operating entity, not a matter of costs. By finding new ways and different approaches StartCom is able to free the web even more and keep it open and secure for all! Professionally!

* The article was written by Justin Fielding in two parts. Read about Secure Outlook Web Access with (free) SSL: Part 1 and Part 2.

Information and Links

Join the fray by commenting, tracking what others have to say, or linking to it from your blog.


Other Posts
The Oracle Anti Patent-Threat Conspiracy
Community reports back!

Write a Comment

Take a moment to comment and tell us what you think. Some basic HTML is allowed for formatting.

You must be logged in to post a comment. Click here to login.

Reader Comments

Be the first to leave a comment!