developer.shyd.de. studying my hobby

30Jan/123

Security: SSL for free

(No Ratings Yet)
Loading...

When I was visiting a friend's webblog some days ago I realized he was using a valid ssl certificate. My first thought was: How did he get the cert, I want one for my site!

With that in mind I searched the web to get some more information about certificates for free. The solution is you can get class 1 ssl certs validated for one year for private use. It allows you to secure the root domain and one subdomain of your choise.
I want to show you how easy it is to get one of these from StartSSL and how you set up apache to secure the communication with your site.

1. Creating the Certificate

First of all you need to generate the private and public key of your server:

Now you need to read that private key to generate certificate signing request (CSR). You will be asked for some additional info like organisation name and so on, but you can leave them default, because StartSSL will ignore them.


Now go to the "Express Lane" of www.startssl.com/?app=12 or log in if you already have an account. Fill out all fields truthful. You will receive an email with a verification code to verify your identity. After that you won't get a password to log in, you will have to install an certificate in your browser to continue (remember to backup this for later use in another browser).
In the next step you will be asked to enter the domain you want to create the certificate for (without leading www). Then you have to choose one of the given email addresses found for this domain to verify the ownership.
After that you will be asked to enter a password, skip that step and paste the csr created before:

Now you have to choose one subdomain you want to include in the certificate. It doesn't have to be www mandatory.
Once the cert is generated copy it from the browser including the marks

and paste it into example.com.crt.

2. Configure Apache

Copy the crt and key-file to the path where you store your certificates. The defaults of debian are:

    example.com.crt to /etc/ssl/certs/
    example.com.key to /etc/ssl/private/

For maximum compatibility you can download the intermediate certificate sub.class1.server.ca.pem from www.startssl.com/certs/ and put the

    sub.class1.server.ca.pem to /etc/ssl/certs/

Now go to the ssl-vhost entry in your apache config and add the following lines:

Once you have reloaded the apache config with

you should be able to load the webpage with https://

Filed under: HowTo, Linux | 6,652 views Leave a comment