Walk-through guide for StartSSL Certificates, Part 1 of 4.
Last updated March 1st, 2014 by Steven JordanAdditional StartSSL articles:
1. Sign-up: Resister with StartSSL.
2. Personal Certificates: Back-up and authenticate to StartSSL with personal certificates.
3. New Cert: Generate the StartSSL certificate.
4. Windows Certificate Management: Import the StartSSL certificate into Windows.
StartSSL Introduction:
StartSSL is a public certificate authority (CA) who offers free SSL certificates. StartSSL certificates are every bit as secure as those provided by VeriSign, GoDaddy, or Thawte. In addition, StartSSL integrates with nearly every browser and operating system as a trusted root certificate; end-users do not receive identity warnings!
StartSSL certificates work great and they are free -so what's the catch?
- StartSSL class 1 certificates are free, but they are only valid for one year. The certificates must be renewed (for free) each year.
- StartSSL offers limited support. The StartSSL website is not intuitive and is outright complicated compared to other public CAs (e.g., GoDaddy).
- Certificate revocation (i.e., mistakes) cost $25. Don't lose your private keys!
- The class 2 identity verification is cumbersome.
Assumptions:
- StartSSL authenticates with personal certificates. The authentication process is different from most other web sites, which authenticates with usernames and passwords.
- Mozilla FireFox is the preferred web browser for StartSSL management. Examples provided were created with FireFox.
Register with StartSSL to receive your free personal certificate. The following steps explain how to register and authenticate.
1. Sign-up.
StartSSL certificates are available to anyone with a valid email address. Sign-up for a free StartSSL account at: https://startssl.com/?app=12.
Enrollment Details.
Provide your name, home and email address, and click submit. StartSSL sends a verification code to the registered email account. Enter the verification code and submit.
3. Generate Private Key.
The next step to the registration process generates a personal SSL certificate. All SSL certificates consist of a private key and a public key. The registration process creates a private key after the email address is verified. Choose High Grade and click Continue.
4. Install Certificate. Click on install:
5. Finish. The personal certificate is automatically installed into the user certificate store.
The personal SSL certificate is ready to authenticate user sessions on
http://www.startssl.com. It is a good idea to backup (i.e., export) the personal certificate at this point.
Next Up: Part-two covers the StartSSL personal certificate authentication and management process.