I’ve been using internally generated SSL certificates for testing and publishing, as most developers, IT pros, and DIY people have, and though it works, it can be a little frustrating when dealing with CRLs and OCSP Responders if you don’t want to receive warnings from browsers and applications about them being untrusted. For public-facing sites, there’s a vendor that is now providing free certificates and an excellent toolbox for managing them.
Read on for more info or take the link: https://www.startssl.com.
StartSSL provides free sub-domain / domain certificates, i.e., you can get a certificate issued for subdomain.domainName.com that includes an ‘alternate’ entry for domainName.com. After signing up, which took less than 5 minutes, you can generate what they call level 1 certificates for free. The signup includes validating the email address used to register (it does NOT have to be associated with the domain), and then validating that you have domain privileges. The automated domain validation involves StartSSL doing a whois lookup on the public domain and presenting you with a choice of the email addresses associated with the domain at which to receive a confirmation email from StartSSL. The validation is good for 30 days, and you can start issuing certificates against that domain immediately following the validation. This validation protects the domain and prevents hijacking. Make sure that you read the instructions carefully and back up your certificates and keys when they tell you to. The instructions are designed to protect you, your account, and the certificates, and to keep things moving smoothly for you as the customer and them as a vendor.
If you’re looking for a domain wildcard certificate, i.e., *.yourDomain.com, you’ll have to go through their next level of validation, which involves sending them copies of 2 forms of identification. That gives you access to level-2 certificates, which include wildcards and multi-domain certs. These certs are also free, but the validation requires a payment of ~$60, which is a steal if you look at how much other vendors are charging for these certs, if they even offer wildcard certs.
They do offer other services as well, like their EV (Extended Validation) certificates, which also show a green bar in the browser when the site is visited, at a personally reasonable cost. Also as part of their free service, you can get user-based certificates and code-signing certs. Want to be a ‘trusted’ developer? Distribute ‘trusted’ code?
They have a great FAQ page that explains why they are doing what they are doing (free SSL certs), and how to use their system. Their basic paradigm is that automated functions are free. Things that require human interaction/intervention require an employee and have an associated, VERY reasonable charge.
The site is a bit simple-looking, but don’t let that throw you off in the least. It may be lacking the usual bells and whistles / eye candy that most people have become accustomed to, but it is about the easiest site to use that I’ve been on when it comes to finding the information you need and utilizing their services. Anyone remember the K*I*S*S rule?
Excellent job, StartSSL, and thanks for bringing regular people into the public SSL arena.