Singpolyma

Technical Blog

Free HTTPS from StartSSL

Apparently, some people are still unaware that they can get a TLS/SSL certificate for free from StartCom. StartCom has been providing Class 1 certificates for free for some time now, but their certificates were not always widely supported. Having used one of these certificates for my personal site for some time now, I can say with confidence that they are well supported by major browsers and operating systems.

Head over to StartSSL Login/Signup and click the “Express Lane” option. The wizard will guide you through creating a new StartSSL account and a webserver certificate. You will be asked for a significant amount of personal information, then asked to verify one of the email addresses associated with your domain name, and finally given the opportunity to have them sign a certificate signing request (CSR) you have generated. How you generate a CSR depends on which webserver you are using or which host you are with; there is good information in the StartSSL FAQ, or try Google.

As part of the account creation process a client-side TLS certificate will be generated and stored in your browser or OS keychain. Do not lose this certificate. It is the only way to log into your StartSSL account.

One little gotcha in the way StartCom has chosen to implement their Class 1 CA is that you will not be able to list your main domain as the primary name on the certificate, but will have to list a subdomain. You may list more than one name, and your main domain may be on the certificate, just not as the primary name. I, for example, have www.singpolyma.net as the main name on my certificate, and then have singpolyma.net as a secondary. This is a bit strange, but works fine with most clients (a notable exception being wget).
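The name layout described above, as an added example that is not part of the original post: it reports which hostnames a certificate covers when a client looks only at the primary name versus when it also reads the secondary names. The certificate is a constructed sample using example.net, and the idea that a failing client compares against the primary name only is an assumption, not something the post states.

```python
import socket
import ssl

# Constructed sample in the dict format returned by ssl.SSLSocket.getpeercert();
# example.net stands in for a real domain.
SAMPLE_CERT = {
    "subject": ((("commonName", "www.example.net"),),),
    "subjectAltName": (("DNS", "www.example.net"), ("DNS", "example.net")),
}

def primary_name(cert):
    """Return the subject commonName (the certificate's primary name), or None."""
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                return value
    return None

def secondary_names(cert):
    """Return every DNS entry in subjectAltName, lower-cased."""
    return [v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"]

def _matches(pattern, host):
    """Exact match, or a single leftmost '*' label matching exactly one label."""
    pattern, host = pattern.lower(), host.lower().rstrip(".")
    if pattern.startswith("*."):
        return "." in host and host.split(".", 1)[1] == pattern[2:]
    return pattern == host

def coverage(cert, host):
    """Report whether host is covered by the primary name and by the SAN list."""
    cn = primary_name(cert)
    return {
        "primary_only": cn is not None and _matches(cn, host),
        "san_aware": any(_matches(n, host) for n in secondary_names(cert)),
    }

def fetch_cert(host, port=443):
    """Fetch a validated certificate from a live server (needs network access)."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

if __name__ == "__main__":
    for name in ("www.example.net", "example.net", "mail.example.net"):
        print(name, coverage(SAMPLE_CERT, name))
```

To check a deployed site, pass the result of `fetch_cert("your-hostname")` to `coverage` for each name you expect visitors to use.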

And that’s about it! Unless you’re on a shared host without a unique IP or host-based TLS support, there is no reason for you not to have HTTPS enabled on your personal site.
