Home Web Hosting CAcert.org - Free SSL Certificates

Sponsored Links

Dot.tk Free Domains
x10Hosting
GiffGaff Mobile Network
CAcert.org - Free SSL Certificates
Saturday, 13 March 2010 13:55

Hi,

In this blog post I am going to write about a site called CAcert which I have been using or around a year. (Note this post assumes that you already have experience with setting up a server). They offer free SSL certificates valid for 6 months, and you can have as many as you like. However there is a catch... the certificates are not recognised as valid by many of the internet browsers, but this can be solved by asking your visitors to import CAcert's root certificate which only takes a couple of seconds.

Another limitation of CAcert is that the certificates cannot be used to verify the owner's identity as on the server's name appears on the certificate, so they would not be suitable for a high importance secure server such as a payments server. But if what you want is to offer your paranoid visitors/staff to login securely, then a CAcert is just what you need. They are also very useful for testing purposes, and because they are free it does not matter if the test fails.

Anyway now for the interesting bit, how do you get free SSL certificates?

Step 1 - First you need to make sure that you web/mail/... server support SSL, most servers today do, but it's worth checking.

Step 2 - Sign-up on http://cacert.org

Step 3 - Add you domain to your CAcert account and verify that you own it.

Step 4 - Generate a key to use when creating the certificate. On a linux server run the command below:
>>>> openssl genrsa -out server.key 1024

Step 5 - Generate a Certificate Signing Request. On a linux server run the command below:
>>>> openssl req -new -key server.key -out server.csr

Step 6 - Copy and paste the contents of server.csr into the box on the New Server Certificate page on CAcert.org

Step 7 - Once the certificate has been generated copy and paste it into a new file called 'server.crt' on your server (In the same directory as the 'server.key' file.

Step 8 - Download the CAcert-Chain certificate from here and save it in the same directory as 'server.crt'.

Step 9 - Configure Apache to use the certificate, you will need to enable the config file /etc/httpd/conf/extras/ssl.conf and include the following lines into your VirtualHosts configuration:
>>>> SSLCertificateFile <Path to your certificate file>/server.crt
>>>> SSLCertificateKeyFile <Path to your key file>/server.key
>>>> SSLCertificateChainFile <Path to your chain file>/CAcert_chain.pem

Step 10 - Restart Apaceh. Install CAcert's root certificate into your browser from here and test your SSL website by going to https://yoursite.com.

I hope that this guide will help you set up SSL on you server, it can be a bit difficult to get working, but once it's set up you can access your server securely, which in today's world is increasingly important.