For an SSL certificate to be valid, it must be obtained from a certificate authority. In most cases, you won’t have to worry about getting one on your own. Your hosting provider will likely offer an SSL certificate at an additional cost. And if you’re working with a web design company, they will take care of the installation for you. At least, that’s how we go about the process.
Things are more complicated if your website is a DIY project, but your hosting provider can configure your certificate for you. They’ll either walk you through the process or take care of it for a fee. Some web hosts even include a free SSL certificate with their hosting plans. Typically, everything is automatically set up for you so that you won’t struggle with the installation.
A Warning About Free SSL
Free SSL certificates may be tempting, but we recommend staying away from them. Unfortunately, there are malicious companies that find exploits and loopholes in the system. They generate fake SSL certificates that make it appear like your site is protected but don’t verify your web server’s identity like a legitimate CA would.
In many cases, you will receive a rogue certificate—SSL that is either compromised or was issued to the wrong organization.
“Rogue certificates allow attackers to create illegitimate sites that are indistinguishable from real sites like eBay, Google or PNC because their certificate hierarchy can be validated. Users then will be redirected to such sites through phishing or ‘man in the middle’ attacks where a compromised host in-between the user and a legitimate site sends traffic to an illegitimate site instead.”
Eric Vandenburg, Vice President of TCDI