Free SSL certificate

If you need a SSL certificate that is trusted by the browser (opposed to a self signed one) then a free one can be created by http://cert.startcom.org/

If you select validation you will be charged for that, but not choosing validation should be free.

You can choose an express path for starters.

  • StartSSL will create a client certificate, install it on your PC. StartSSL responds with:
    • Congratulations!
      Your first client certificate has been installed into your browser. This is a bootstrapping certificate for authentication purpose.
      Backup this certificate to an external media, otherwise you might not be able to regain access to your account. Please read these instructions from our FAQ page on how to do that.
    • Follow description in FAQ.
    • You will also recieve an email telling you to backup that client certificate. The certificate is called you@example.xx (S/MIME Class I 2013-09-17)
  • Create a SSL certificate following: https://www.startssl.com/?app=29
    • Press Validation Wizard on page https://www.startssl.com/?app=12
      • Select “Domain name…” in the dropdown list
      • After entering a top level domain (example.xx in this case), Start SSL will confirm with sending an email to one of the three mailboxes:
      • You need to make sure one exists, so you can retrieve the mail.
      • Confirm to StartSSL with code you received in the mail.
    • Press Certificates Wizard on page https://www.startssl.com/?app=12
      • Select “Web Server SSL…” in the dropdown list
      • Supply a password on the “Generate Private key” page. Generating the key takes a long time – gave up waiting for a 4096 size. The 2048 size only took less than a minute to generate. StartSSL responded with:
      • Save Private Key
        Copy and paste the content from the textbox below into a file and save it as ssl.key.
        Make sure, that you do not alter the content and you did not add any spaces! Save it in ASCII format (plain text).
        Allowed are only letters and numbers, without spaces!
        Decrypt the private key with the OpenSSL utility: openssl rsa -in ssl.key -out ssl.key or use the utility from the Tool Box.
        —–BEGIN RSA PRIVATE KEY—–
      • Press Continue – Select example.xx – Continue. Response:
      • Add Domains
        You must add one sub domain to this certificate.
        The base domain rasor.dk will be included by default in the Alt Name section.
        Note: In order to add multiple domains and sub domains, your Identity must be at least Class 2 validated. Check your status at the “Identity Card”.
      • Note: If you don’t come to above screen, then restart the wizard.
      • Enter “sub” (for sub.example.xx). Continue. Response:
      • Ready Processing Certificate
        We have gathered enough information in order to sign your certificate now.
        The common name of this certificate will be set to sub.example.xx.
        The certificate will have the following host names supported:
        example.xx
        sub.example.xx
        Please click on Continue in order to process the certificate.
      • Continue. Response:
      • Additional Check Required!
        You successfully finished the process for your certificate. However your certificate request has been marked for approval by our personnel. Please wait for a mail notification from us within the next 3 hours (the most). We might contact you for further questions or issue the certificate within that time. Thank you for your understanding!
      • ….. after mail has been received: Goto “Retrieve Certificate” below.
    • Decrypt the private key (ssl.key). Press Tool Box on page https://www.startssl.com/?app=12
      • Select Dectrypt Private Key.
      • Enter txt from ssl.key – continue.
      • Save output in the txt box as ssl.decrypted.key.
  • Retrieve Certificate. Press Tool Box on page https://www.startssl.com/?app=12
    • Select Retrieve Certificate.
    • Select sub.example.xx in the drop-down list – Continue. Response:
    • Retrieve Certificate
      You must have the corresponding private key or request pending in order to install the certificate.
      Make sure to backup the certificate including the private key to some external media. 
      Certificate:
      —–BEGIN CERTIFICATE—–
    • Save the txt as ssl.crt.
    • If there were no response then try once more.
  • At the web host:
    • Private (Decrypted) Keys (KEY).
      • Domain: sub.example.xx
      • Paste the crt below:
        ….
      • Press Install. Response:
      • Installed Keys for the domain(s): sub.example.xx (auto-detected)
    • Goto Certificates (CRT). Text:
      • Upload a New Certificate. 
        Paste the crt below:
        ….
      • Press Upload.
      • The host shows the certifcate is installed:
        Certificates on Server
        Host Issuer Expire Date Functions
        sub.example.xx StartCom Sep 18 00:44:58 2013 GMT Show Details | Remove
  • Testing https://sub.example.xx – Did not work.
  • Testing https://example.xx – Did not work either.
  • Checking my host revealed that I need a dedicated IP address for SSL to work. I have to pay some $$$ for that and try again.

Rate them here: http://www.sslshopper.com/startcom-certificate-authority-reviews.html

Other providers: http://www.sslshopper.com/cheapest-ssl-certificates.html

Misc Information

Certificate Usage:

The End

Advertisements

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: