Free SSL Level1 Certificate for Your Web Site

I recently went through and obtained an SSL Certificate to use with for free!!!, and wanted to share how I did it, from issuer to web server configuration.

By searching Google for free third-party SSL certificate authorities, I found a vendor that issues free SSL Certificates. Level 1 only; for the differences in levels, see here. This was good enough for my needs. Let’s get started!!

  1. Go to
  2. You will need to register some of your personal information, such as your name, address, and phone number.
  3. You will receive, by email, your Personal Identification Certificate. This is NOT the SSL certificate you will use with your website. This certificate is used to identify you to Allowing you to issue a Certificate Signing Request (CSR) for StartSSL to sign, etc… It is similar to a password you would use to log into a website, such as your web email, etc. Instead you will use this Personal Certificate they assign to you when logging into
  4. Once you receive this personal authentication certificate from you will need to import it into your current web browser. In my case this was Firefox. First open Firefox and go to preferences/options. Find the Advanced tab and then Encryption. There should be a button such as “View Certificates”. Click on this and it will bring up the SSL certificates currently imported and/or cached for the browser.
    Click on the Tab “Your Certificates” and click import. Select the Personal Authentication Certificate issued by StartSSL.
  5. Now we follow the Wizard to request a Web SSL Cert and Key pair for your website!!
    After validating your website, click on the Certification Wizard. Select the Web Site certificate type.
    The next screen is where you set the signature hash algorithm (SHA1 or SHA2), as well as a passphrase/password to protect your private key during transfer.
    NOTICE: The key size sets the strength of the key pair; as of recently, 2048-bit is the lowest a CA will issue.
  6. Summary of Certificate files needed…(NOTICE!!!, you cannot get these certificates unless you register with StartSSL and receive a Personal Certificate as stated above.):

    • Private Key Certificate, from StartSSL
    • Public Certificate, from StartSSL
    • StartSSL Intermediate Certificate, from StartSSL
    • StartSSL Certificate Authority file, from StartSSL
  7. Now we need to edit our apache2 config file to use the new certificate we just downloaded from
    vi /etc/apache2/sites-available/default
    #main apache configuration file
    Listen 80
    Listen 443
    NameVirtualHost *:80
    <VirtualHost *:80>
            #rewrite to ssl; replace {your site hostname} with the site's host name
            RewriteEngine on
            RewriteCond %{HTTP_HOST} ^{your site hostname}$
            RewriteRule (.*) https://{your site hostname}$1 [R=301,L]
            DocumentRoot /www/{location of web files}
            ServerAlias *
    </VirtualHost>
    <VirtualHost *:443>
            SSLEngine On
            #every protocol the build supports except SSLv2
            SSLProtocol all -SSLv2
            SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM
            #site certificate and its private key
            SSLCertificateFile /{location of site cert file from StartSSL}
            SSLCertificateKeyFile /{location of site key file from StartSSL}
            #intermediate and root CA certificates
            SSLCertificateChainFile /{location of StartSSL intermediate Cert}
            SSLCACertificateFile /{location of StartSSL CA certificate}
            DocumentRoot /www/{location of web files}
    </VirtualHost>
  8. Enable Rewrite and SSL engine
    a2enmod rewrite
    a2enmod ssl
    service apache2 restart
  9. Optional: When you restart the apache2 service above, you will receive a prompt asking you to enter the private key passphrase/password that you assigned from StartSSL. If you would like to unprotect the private key (not recommended), you can remove the passphrase with:
    openssl rsa -in Protected_PrivateKey.key -out Unprotected_PrivateKey.key
  10. Browse to your website and check that it is rewriting it to use HTTPS and that the certificate is working.

That’s it! If your site now displays a green lock in the address bar, then it is SSL protected by a third-party trustpoint. Awesome!
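
The `SSLProtocol` and `SSLCipherSuite` lines in step 7 decide which protocol versions and cipher classes the server will negotiate. The Python code below is an added example, not part of the original post: it reads those two directives and reports the deprecated protocols and weak cipher classes they leave enabled. The expansion of `all`, the weak-class list, the stricter sample pair and all function names are assumptions of this example, and the cipher parsing is a simplified model of OpenSSL's cipher-string syntax.

```python
import re
# Assumption: the widest set "all" can expand to across mod_ssl/OpenSSL builds.
ALL_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"}
WEAK_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}
WEAK_CIPHER_CLASSES = {"RC4", "MEDIUM", "LOW", "EXPORT", "aNULL"}

# Constructed input: the two TLS directives from step 7, and a stricter pair.
PAGE_VHOST = ("SSLProtocol all -SSLv2\n"
              "SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM\n")
STRICT_VHOST = "SSLProtocol -all +TLSv1.2\nSSLCipherSuite HIGH:!aNULL:!MD5\n"

def weak_protocols(value):
    """Apply SSLProtocol tokens in order: +x adds, -x removes, bare x replaces."""
    enabled = set()
    for token in value.split():
        sign, name = (token[0], token[1:]) if token[0] in "+-" else ("", token)
        group = ALL_PROTOCOLS if name.lower() == "all" else {name}
        if sign == "-":
            enabled -= group
        elif sign == "+":
            enabled |= group
        else:
            enabled = set(group)
    return sorted(enabled & WEAK_PROTOCOLS)

def weak_cipher_classes(value):
    """Weak classes a cipher string adds and never excludes with '!'."""
    added, killed = set(), set()
    for token in filter(None, re.split(r"[:, ]+", value)):
        if token[0] == "!":
            killed.add(token[1:])
        elif token[0] == "-":
            added.discard(token[1:])
        elif token == "ALL":
            added |= WEAK_CIPHER_CLASSES
        elif token[0] != "+":  # a leading '+' only reorders, it adds nothing
            added |= set(token.split("+")) & WEAK_CIPHER_CLASSES
    return sorted(added - killed)

CHECKS = {"sslprotocol": weak_protocols, "sslciphersuite": weak_cipher_classes}
def audit_vhost(config_text):
    """Return (directive, weak items) for each TLS directive that enables them."""
    findings = []
    for line in config_text.splitlines():
        name, _, value = line.strip().partition(" ")
        weak = CHECKS.get(name.lower(), lambda _v: [])(value)
        if weak:
            findings.append((name, weak))
    return findings
```

`audit_vhost(PAGE_VHOST)` reports SSLv3, TLSv1 and TLSv1.1 for the protocol line and LOW, MEDIUM, RC4 and aNULL for the cipher line, while `audit_vhost(STRICT_VHOST)` returns no findings.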

