StartCom is a company from Eliat, Israel that designs open source operating systems, web hosting, and SSL certificates. The StartCom certificate is included in all the standard operating systems including Firefox, Chrome, Safari, and IE. The company offers several different SSL certificates and includes a free version and a wildcard version. StartCom offers a StartComFree certificate, which works for web servers and email encryption. It also offers higher-level certificates with costs, where a validation is necessary. It is important to note that their standard certificate is for non-commercial use only. The free certificate did not include this restriction, but there are different types of commercial certificates available.
- Integration examples
- Free certificate
- FAQ section
StartCom offers four different classes of SSL certificates at very reasonable prices. The Class 1 is for free and does not allow for commercial use. The Class 2, Class 3, and Extended Certificates are for commercial use. Everything above Class 1 has wild card capability and starts at $59.90 per year. This is a good thing, since a lot of the wild card certificates in this industry cost a lot more for the same type of features.
One of the things that we liked about StartCom was that they provided a lot of examples for how to integrate the site seals into your page. If you want to add images, seal check, and certificate authority install, there is an HTML example for every type of seal/logo that you want to include. This is an important feature for us since SSL seals and logos can help your trust and security. In some ecommerce situations, a seal or logo can decrease your bounce rate by about 20%. This is an important feature that ecommerce providers should take very seriously when considering an SSL certificate.
We also felt that, around the board, the StartCom certificates were the most affordable in the industry. Some SSL certificates can cost around a few thousand dollars per year. This gets really expensive for small businesses that want to do ecommerce.
We felt that it was important that there was a free certificate available. If you have a blog or a website that isn't a business, but ask for visitor information, you can use the free SSL certificate to make sure that your visitors' information remains quiet and confidential. This is going to be a big help for "free" websites that aren't involved in promoting a business directly.
While the customer support is kind of "DIY" approach, we found that it was pretty easy to find help on the website for installing your SSL certificate. There is a huge FAQ section that provides instructions for choosing your encryption, setting up your encryption, and installing trust seals and logos on your site.
- Heartbleed fee
- Mac limitations
One of the things that concerned us about StartCom was trust. The liability was a big issue for us. These are "cheap-o" certificates in terms of trust. We found that the liability was only $10,000. This is not enough if an ecommerce store has a major breach, and we weren't quite sure how the foreign location of this company made it easy to have that liability coverage.
Another issue that we had with this SSL certificate authority was that there didn't seem to be a whole lot of support on the website. Everything about the certificate authority of StartCom seems to be initiated electronically, which further makes us question the trust of StartCom.
Did you hear about Heartbleed in 2014? This was a major security bug with Open SSL certificates that left them particularly vulnerable. If you had a revoked certificate as a result of Heartbleed, StartCom was charging you $25 to get a new certificate. While this fee was waived for some customers, we found that this fee was a major detractor for using StartCom's SSL certificates.
Another issue that we had with StartCom was the screenshots used in the FAQ. Everywhere in their FAQ section, we saw screenshots for Windows and Linux operating systems. We didn't see a single screenshot for StartCom that showed users how to install their system in a Mac server. There are a lot of individuals who use a Mac server for their website, and the lack of Mac screenshots with StartCom's FAQ might make this a problem for individuals that want to install the certificate on a non-Windows machine.
The Bottom Line
Overall, we have a hard time recommending StartCom as a provider of SSL certificates. We really didn't like the fact that there was a $25 fee charged for revoked certificates as a result of the Heartbleed security bug. Additionally, we felt like the certificates were a little bit on the cheap side. While the free certificate may sound great, you can't use it for commercial use. (What's the use of an SSL certificate if you can't do ecommerce with it?) Additionally, the $10,000 liability coverage is extremely limited and we wondered about StartCom's ability to "pay up" if there was a security breach on your site.
Can we think of a few situations where a StartCom certificate might be useful? Maybe...the free certificate might be a good short-term cover for a personal website or website under construction that takes contact information. The priced certificates all include wild card capability. For a non-profit with multiple domains and subdomains, this certificate might be an affordable option. However, we cannot recommend this service for e-commerce.