Configure Free SSL Certificates - Registering with Startssl

With the rise of a microservices culture through virtualization and RESTful APIs, the need for SSL certificates has increased dramatically. One can get by with creating self-signed certificates and putting up with the warning message below for personal services.

SSL Certificate Warning

However, anything that is meant to be used by the public really needs a trusted security certificate. It turns out that you can get free SSL certificates from Startssl, and we will show you how to get started and set up with Nginx.

Alternative Providers

If I find out about other providers of free SSL certificates, I will make sure to create tutorials for them as well, so please post in the comments below. I am most excited about Let's Encrypt, which aims to make it easy to obtain free SSL certificates as demonstrated in this YouTube video, but it will not be available until 2015, and makes no mention of automating installation on Nginx, only Apache.

Register With Startssl

Head over to Startssl and click "Sign-up".
Sign up button on Startssl

Fill in all the fields in the form. For all the Brits out there, we need to select Great Britain instead of United Kingdom this time.
Startssl form

Open your email in a new tab and copy the code provided, which I have blanked out for obvious reasons.

Go back to your previous tab and paste the code before clicking continue.

You will then be put into a queue to be reviewed (or maybe this is all non-US registrations).

After some time (roughly 10 minutes for me) you will get an email notification, hopefully stating that your request has been approved.

Copy the code and click on the link. You will have to enter the code into the box, although I have no idea why, since the &auth= part of the URL had the code in it. I hope they weren't relying on just a match between the URL and the code one enters into the box; otherwise, one could just use any code and manipulate the URL.

Click Continue on the next page to create a "High Grade" private key.

Click "Install" and wait for about 10 seconds.

You will be shown this screen which has a link to installation instructions, but for now just click Finish.

Backup Your Certificate

Search below for the header named after the browser you are currently using and follow its instructions.

Firefox

Select "Edit" -> "Preferences|Options" -> "Advanced" -> "Certificates" -> "View Certificates".

Choose the "Your Certificates" tab and locate your client certificate from the list. The certificate will be listed under StartCom. Select the certificate and click on "Backup".

Choose a name for this backup file, provide a password and save it at a known location. Now you should either burn this file to a CD ROM or save it on a USB stick or smart card. Thereafter delete this file from your computer.

Chrome

Click on the "Options" icon in the upper left. Select "Settings" from the menu. Click on "Advanced Settings" and then, in the HTTPS/SSL section, click on the "Manage certificates..." button. Select the certificate(s) you want to export, click on the "Export..." button and follow the prompts from the Export Certificate Wizard that pops up. Make sure to include the private key as well, and export as a .p12 file.

Internet Explorer (Really??)

Download Firefox or Chrome and start again.

Alternatively, select from "Tools" -> "Internet Options" -> "Content" -> "Certificates" -> "Personal" and locate your client certificate from the list. Click on "Export" -> "Next" -> "Yes, export the private key" -> "Next" -> "Next". Choose a password for your file and click "Next", choose a name for this backup file and save it at a known location. Now you should delete this file after having burned it to a CD ROM or saved it on a USB stick, so that you will have inevitably lost it by the time you eventually need it.

Opera (I'm sure you're not the only user)

Select from "Settings" -> "Preferences" -> "Advanced" -> "Security" -> "Manage Certificates" -> "Personal". Click on "Export" and choose a name for this backup file. Make sure to choose the .p12 for PKCS12 extension, not the default .usr.

Safari (OS X)

Select the private key and the certificate together in your keychain and export as a PKCS12 file.
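
As an added example (not part of the original tutorial): before deleting the exported file from your computer, it is worth confirming that the .p12 backup opens with your password and really contains the private key as well as the certificate. The script assumes the `openssl` command-line tool is installed; `check_p12`, `make_sample` and `P12_PASS` are names chosen for this example.

```shell
#!/bin/sh
# Added example: sanity-check an exported .p12 backup before deleting the original.
# The password is read from the exported P12_PASS variable so that it never
# appears in the process list.
#
# check_p12 FILE returns:
#   0  opens with the password and holds a certificate AND a private key
#   1  cannot be opened (wrong password, or not a PKCS#12 file)
#   2  opens, but holds no private key (cannot restore the identity)
#   3  opens, but holds no certificate
check_p12() {
    f=$1
    # First pass: certificates only. A wrong password fails here.
    certs=$(openssl pkcs12 -in "$f" -passin env:P12_PASS -nokeys 2>/dev/null) || return 1
    ncerts=$(printf '%s\n' "$certs" | grep -c 'BEGIN CERTIFICATE') || true
    # Second pass: keys only. The key is piped straight into grep and only
    # counted, never written to disk.
    nkeys=$(openssl pkcs12 -in "$f" -passin env:P12_PASS -nocerts -nodes 2>/dev/null \
            | grep -c 'BEGIN.*PRIVATE KEY') || true
    [ "$nkeys" -ge 1 ] || return 2
    [ "$ncerts" -ge 1 ] || return 3
    return 0
}

# make_sample DIR: constructed test data (a throwaway self-signed identity),
# exported once with the private key and once without it.
make_sample() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj '/CN=constructed-sample' \
        -keyout "$d/key.pem" -out "$d/cert.pem" 2>/dev/null || return 1
    openssl pkcs12 -export -inkey "$d/key.pem" -in "$d/cert.pem" \
        -out "$d/full.p12" -passout env:P12_PASS || return 1
    openssl pkcs12 -export -nokeys -in "$d/cert.pem" \
        -out "$d/certonly.p12" -passout env:P12_PASS || return 1
}

# Usage: export P12_PASS; sh check_p12.sh backup.p12
if [ -n "${1:-}" ]; then
    check_p12 "$1"
    echo "check_p12 exit code: $?"
fi
```

Exports made by older browsers may use algorithms that OpenSSL 3 only reads when the `-legacy` option is added to the `openssl pkcs12` calls.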

Conclusion

We have successfully registered with Startssl in order to gain free SSL certificates. We now need to validate our domains with Startssl so that we can then obtain certificates for each website/service, before deploying them on Apache or Nginx.

Author

Programster

Stuart is a software developer with a passion for Linux and open source projects.
