
https://www.startssl.com/ gives out free SSL certificates. Just don't expect much on their part, given it's free. For example, they refused to reissue certificates for free after Heartbleed. Also you can't use them on commercial sites.

Otherwise https://www.gogetssl.com/ is probably as cheap as it gets.




If you read StartSSL's justification on the free cert, you'll see that they charge in relation to the time they need to spend. A low-level 1 year cert involves no human time. They don't have fully automated systems for revokes/reissues, so it's pretty lame for people to complain about them charging for it.


That's perfectly fair and reasonable from a commercial perspective.

From a security perspective, however, I think you need to meet some minimum standards to remain credible as a CA, and I think at least being willing to revoke certificates that may have been compromised for free and very quickly is one of those standards.

I find it difficult to support retaining StartSSL certificates as trusted-by-default in browsers given their response to Heartbleed and the consequent relatively high probability that any certificate ultimately depending on them has been compromised.


That's understandable and probably a good reason for StartSSL to build an automated revoke tool, for the sake of keeping their name healthy. However, I would be way more concerned about a company unwilling to pay a trivial amount of money to revoke a cert that was compromised due to their own choice in how they used it. The best CA in the world won't fix bad security incident handling of another company.

Sure, most of the complaining was due to the entitlement, but I'd be interested in a list of all the companies that complained about this and/or failed to pay for a revoke.


I'm surprised it's not a requirement of being a CA. Further speaks to the apparently weak standards the browsers have.


Not to mention their inscrutable information and documentation. I was caught out trying to renew a StartSSL cert 6 months ago and could not even access the renewal site. Apparently they use personal certs (or the cert I got?) as authentication? I don't know, because there was no explanation, anywhere. I had no idea whether this is security by obscurity or what, but f-them. I wound up paying $5 to Comodo and having a somewhat more comfortable experience, at least to the degree that there's a standard user control panel and payment flow.

Looks like maybe StartSSL filled out their FAQ a little since then, but only a little:

https://www.startssl.com/?app=25#10


They use browser certificates (I'm not sure if this is the right name), which is actually pretty cool. When you create an account, a certificate is generated in your browser, and then you can login with it.

The big problem is that since it's almost never used, browsers implement it but haven't done any work to make it user-friendly (for example, you can see the certificates currently stored in your browser in Firefox by going to Preferences > Advanced > Certificates > View Certificates > "Your certificates" tab, not exactly user-friendly). Also (if I remember correctly) StartSSL's implementation is not the nicest one either, as you have to keep your tab open while they validate your account.


It's non-repudiation: it's so they can be sure that the person who received the email is also the person who requested the email.

  Proof of data integrity is typically the easiest of these requirements to accomplish.
  A data hash, such as SHA2, is usually sufficient to establish that the likelihood
  of data being undetectably changed is extremely low. Even with this safeguard, it is
  still possible to tamper with data in transit, either through a man-in-the-middle
  attack or phishing. Due to this flaw, data integrity is best asserted when the
  recipient already possesses the necessary verification information.
https://en.wikipedia.org/wiki/Non-repudiation


Yeah, I got that far, but I had reinstalled, not backed this up, and there was less than zero information about what to import. I tried installing and/or converting every chunk of certificate-type data I could find. No joy, no help, no nothing.


> For example, they refused to reissue certificates for free after Heartbleed.

Not only that, but I believe they refused to revoke the certificates in the first place without payment. So if you don't pay up, even if you go buy a certificate from someone else or decide to use self-signed certificates, an attacker could still use your old certificate to MITM your website.


Thank you for the gogetssl.com link. I've been looking for a multi-SAN/wildcard cert that wasn't insanely expensive.



