Free SSL Certificates for Public Domains and Sub-Domains via StartSSL

I’ve been using internally generated SSL certificates for testing and publishing, as most developers, IT pros, and DIY people have, and though it works, it can be a little frustrating when dealing with CRLs and OCSP Responders if you don’t want to receive warnings from browsers and applications about them being untrusted.  For public facing sites, there’s a vendor that is now providing free certificates and an excellent toolbox for managing them.

StartSSL logo
Read on for more info or take the link:

StartSSL provides free sub-domain / domain certificates, ie. you can get a certificate issued that contains that includes an ‘alternate’ entry for  After signing up, which took less than 5 minutes, you can generate what they call level 1 certificates for free.  The signup includes validating your email address used to register (it does NOT have to be associated with the domain), and then validating that you have domain privileges.  The automated domain validating involves StartSSL doing a whois lookup on the public domain, and presenting you with the choice of email addresses associated with the domain in which to receive a confirmation email from StartSSL.  The validation is good for 30 days, and you can start issuing certificates against that domain immediately following the validation.  This validation protects the domain and prevents hijacking.  Make sure that you read the instructions carefully and back-up your certificates and keys when they tell you to.  The instructions are designed to protect you, your account, the certificates, and keep things moving smoothly for you as the customer and them as a vendor.

If you’re looking for a domain wildcard certificate, ie. *, you’ll have to go into their next level of validation which involves sending them copies of 2 forms of identification, which will give you access to level-2 certificates which include wildcards and multi-domain certs.  These certs are also free, but the validation requires a payment of ~ $60.  Which is a steal if you look at how much other vendors are charging for these certs, if they even offer wildcard certs.

They do offer other services as well, like their EV (Extended Validation) certificates that also show a green bar in the browser when being visited at a personally reasonable cost.  Also as part of their free service, you can get user-based certificates, and code-signing certs.  Want to be a ‘trusted’ developer?  Distribute ‘trusted’ code?

They have a great FAQ page that explains why they are doing what they are doing (free SSL certs), and how to use their system.  Their basic paradigm is that automated functions are free.  Things that require human interaction/intervention require an employee and have an associated, VERY reasonable charge.

The site is a bit simple looking but don’t let that throw you off in the least.  It may be lacking the usual bells and whistles / eye candy that most people have become accustomed to, but it is about the easiest site to use that I’ve been on when it comes to finding the information you need and utilizing their services.  Anyone remember the K*I*S*S rule?

Excellent job StartSSL and thanks for bringing regular people into the public SSL arena.

[ad#Google Adsense-1]


5 thoughts on “Free SSL Certificates for Public Domains and Sub-Domains via StartSSL”

  1. Their page sucks! Trashed my DS1511 and I cant get it back. Their SSL turned it into a brick and they told me to just “look around the web”.

      1. Probably me. But after I install the cert and key I could never reach or talk to the box other than thru NFS any longer. I had to reset the box and start all over. Although no data was lost on all the drives it was very frustrating and time consuming.

      2. @David: Did you have SSL enabled prior to setting this up? Just wanting to check, did you know the ports change when you enable SSL? I believe the default port is 5000, but when you change to SSL, the port changes as well, I can’t remember the SSL port off-hand though. Did you install the certificate via the CLI or did you use the GUI to import? I know these certs work on Synology devices because I first heard about them through an article about enabling SSL on Synology DSM. Let me know if I can help with anything and I’ll see what I can dig up.

        Good luck.

      3. I create my own SSL port other than what they set it at for obvious reasons. So yes, I’m aware. I did you the GUI import for the two files.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s