When you want a secure website, a mail server, or any other service through SSL (which secures the connection between the client and the server), you must use an SSL certificate that is valid for your domain name.
To obtain a SSL certificat, there are 4 solutions :
The StartSSL certification authority, which was managed by StartCom, closed on January 1, 2018.
To start, go to "StartSSL", click the icon (with the key) at the top right and click "Sign-up".
If StartSSL doesn't display this page, try again tomorrow or in a few days. It depends on the number of registrations they have to process.
Otherwise, complete the form with the real information. If you provide false information, your registration will be denied.
Enter the code that you received on your e-mail address.
Once the code is validated, StartSSL invites you to install a certificate.
Particularity, on StartSSL, you login by using a SSL certificate and not by using a simple password. This certificate is the only key to access your StartSSL account. This certificate is installed in the certificate store of your web browser.
The certificate was installed.
As displayed, your client certificate (which thus serves as password) has been installed in your web browser.
To export the certificate installed in Mozilla Firefox, go to the menu (the icon representing 3 horizontal lines) -> Options -> Advanced -> Certificates -> View Certificates.
In the "Your Certificates" tab, you will find a "StartCom" certificate (which corresponds to the company managing StartSSL).
Select the certificate and click on "Save".
Note : For other web browsers, see the StartSSL documentation : How do I backup my client certificates ?
Specify a password to protect the certificate.
The client certificate is exported.
After backing up client certificates, click "Control Panel".
As shown in this picture, you first have to validate your e-mail address or your domain name. To do this, click on "Validation Wizard".
Select the type of validation to perform. In our case, we will validate our domain name.
Enter your domain name (don't indicate the sub-domain in this box).
The certification authority will consult the whois of your domain to show you a list of e-mail.
Note : These include e-mail addresses :
Specify the verification code that you received on the e-mail address selected in the previous step.
Your domain name is validated.
In our case, we will generate a certificate that will be used for a Linux web server (Apache).
Specify a password to protect the private key of the certificate and changing the size of the key (if necessary).
Copy this text in a "ssl.key" file and click "Continue".
As displayed, you can decrypt the private key if you wish by using the command "openssl rsa -in ssl.key -out ssl.insecure.key". This command allows you to restart a server without retyping the password at every server restart (in our case : the Apache web server). By against, you shouldn't store the decrypted file on your hard drive.
- If you use KeePass, which is a secure password manager, you can copy the text in the comment of a new entry.
If necessary, read our tutorial : KeePass - Store your passwords securely
- If you use TrueCrypt, you can store the certificate and the private key in an encrypted file.
If necessary, read our tutorial : TrueCrypt - Encrypt your data securely to prevent theft of confidential data
Then, select the domain for which you want to get a valid SSL certificate.
Enter the sub-domain for which the certificate must be signed.
Note : As mentioned, this SSL Certificate will be valid for the specified subdomain AND for the domain alone.
Copy this text in a "ssl.crt" file.
Note : As mentioned, this certificate is in PEM format (linux).
Now, you have your SSL certificate and its associated private key.
Note : The certificate can't be used without its associated private key.
® InformatiWeb-Pro.net - InformatiWeb.net 2008-2020 - © Lionel Eppe - All rights reserved.
Total or partial reproduction of this site is prohibited and constitutes an infringement punishable by articles L.335-2 and following of the intellectual property Code.