Free SSL Level1 Certificate for Your Web Site

I recently went through and obtained a SSL Certificate to use with thejimmahknows.com for free!!!, and wanted to share how I did it, from issuer to web server configuration.

I found by search google for free SSL third party certificate authorities a vendor that issues free SSL Certificates. Level 1 only, for the differences in levels, see here. So this was good enough for my needs. Let’s get started!!

  1. Go to http://startssl.com
  2. You will need to register some of your personal information, such as your name, address, and phone number.
    starssl1
  3. You will receive, by email, your StartSSL.com Personal Identification Certificate. This is NOT the SSL certificate you will use with your website. This certificate is used to identify you to StartSSL.com. Allowing you to issue a Certificate Signing Request (CSR) for StartSSL to sign, etc… It is similar to a password you would use to log into a website, such as your web email, etc. Instead you will use this Personal Certificate they assign to you when logging into StartSSL.com.
  4. Once you receive this personal authentication certificate from StartSSL.com you will need to import it into your current web browser. For my case this was FireFox. First open Firefox, go to preferences/options. Find the Advanced Tab and then Encryption. There should be a button such as “View Certificates”. Click on this and it will bring up the current SSL certificates imported and/or cached for the browser.
    startssl2
    Click on the Tab “Your Certificates” and click import. Select the Personal Authentication Certificate issued by StartSSL.
    startssl10
  5. Now we follow the Wizard to request a Web SSL Cert and Key pair for your website!!
    After validating your website, click on the Certification Wizard. Select the Web Site certificate type.
    startssl3
    The next screen is where you set the encryption type (SHA1 or SHA2), as well as a passpharase/password to protect your private key during transfer.
    startssl6
    NOTICE: Keysize is the strength of the SSL encryption, since recently 2048-bit is the lowest a CA will issue.
  6. Summary of Certificate files needed…(NOTICE!!!, you cannot get these certificates unless you register with StartSSL and receive a Personal Certificate as stated above.):

    • Private Key Certificate, from StartSSL
      startssl5
    • Public Certificate, from StartSSL
      startssl7
    • StartSSL Intermediate Certificate, from StartSSL
      startssl8
    • StartSSL Certificate Authority file, from StartSSL
      startssl8
  7. Now we need to edit our apache2 config file to use the new certificate we just downloaded from startssl.com

  8. Enable Rewrite and SSL engine
  9. Optional:When you restart the apache2 service above you will receive a prompt asking you to enter the private key passphrase/password that you assigned from StartSSL. If you would like to unprotect the private key (not recommended), you can remove it by:
  10. Browse to your website and check that it is rewriting it to use HTTPS and that the certificate is working.
    startssl9

That’s it! If your site now displays in the address bar a green lock, then it is SSL protected by a third-party trustpoint. Awesome!

Sources:

Leave a Reply