New SSL Certificate: Generate a StartSSL Certificate, Part 3 of 4.
Setup StartSSL Certificates: Creating StartSSL Certificates, Part 3 of 4.
Last updated March 2nd, 2014 by Steven JordanTakeaway: This article provides setup instructions to create free StartSSL certificates. This is the third part in a four-part series on how to use StartSSL certificates. This article assumes the registration process is complete; and the StartSSL personal certificate is installed.
Additional StartSSL articles:
1. Sign-up: Resister with StartSSL.
2. Personal Certificates: Back-up and authenticate to StartSSL with personal certificates.
3. New Cert: Generate the StartSSL certificate.
4. Windows Certificate Management: Import the StartSSL certificate into Windows.
StartSSL Sign-In:
Begin at the StartSSL home page, and click Control Panel and on the following page click Authenticate.
1. Validation Wizard.
Validate your domain name in order to generate SSL certificates for your website. Begin at the StartSSL Control Panel → Validation Wizard → Domain Validation → Continue. Enter your domain name on the following page → Continue.
2. Select Verification Email.
Choose from one of the pre-selected email addresses and click continue.
3. Verify Code.
Enter the verification code after the verification email arrives.
Validation provides your user account permission to generate SSL
certificates for the associated domain. Domain verification is valid
for 30 days. It's finally time to dole out SSL certificates.
The big-box CAs (i.e., GoDaddy) require a certificate signing request (CSR) before you can request a SSL certificate. StartSSL is different in this respect, because they provide tools to generate SSL certificates without ever having to touch a Windows server.
Create SSL certificates with the Certificates Wizard located in the StartSSL Control Panel.
1. Select Certificate Purpose.
The first page in the certificate wizard selects the certificate's function. Choose the Web Server SSL/TLS from the pull down menu and click Continue.
2. Generate Private Key.
Enter a private key password. You can create your own private
key password but it's best to use an application to assist with the
process. KeyPass is a good tool to generate and manage key passwords.
Keep the Keysize and Secure Hash Algorithm defaults. Click Continue.
3. Save Private Key.
StartSSL presents the RSA private key as encrypted text. Copy the private key text and paste it into Notepad. Save the text file to a secure location (e.g., bit-locker USB drive). Even better, save the private key, along with the key password, to KeePass.
4. Add Domains.
Select the target domain name for your certificate. Validated domains are available to choose from.
Click Continue.
Choose sub-domain name (i.e., host name, domain prefix). For example: test.stevenjordan.net.
5. Ready Processing Certificate.
Click Continue to process the certificate request.
6. Retrieve the Certificate.
The SSL certificate is available immediately after the request is
complete. StartSSL presents the certificate in a format similar to
private keys; clear text. Copy the certificate text and paste it into Notepad. Save
the text file to a secure location (e.g., bit-locker USB drive).
KeePass can be used to store the SSL certificate text as well.
It's time to put the certificate to good use. StartSSL provides a handy tool that incorporates both certificate and private key into a single PFX file. We'll later use the PFX file to import the certificate and private key into Windows.
To create the PFX file, click Tool Box and the click on Create the PCKS#12 (PFX) File. Copy and paste the private key, certificate, and password into the appropriate fields. Click Continue.
Viola! You now have a PFX file to import into any Windows environment.
Next Up: Part four covers the Windows Certificate Store that imports the StartSSL certificate.