Creating a simple SSL Private Key and Certificate for HTTPS use, using StartSSL’s free service

ssl-error“The site’s security certificate is not trusted!” Do you get to see this scary warning often? In most cases you can ignore it, management pages, even your own webmail server, but often you can’t ignore it, it will scare clients away on a public web-server. And you should never enter personal details in an untrusted site that has such a warning.

If your hosting company does not offer a free service as many don’t, and you don’t want to pay for one (there are many advantages if you do though), StartSSL offer a free starter certificate. I have done this “how to” as I have found many people are confused by process.

Choose the StartSSL Free, Choosing the “Express Lane”, unless you have already created an account.

Complete the “Personal Enrolment Details”, entering the verification code which will be emailed to you.

You will then be asked to generate your Private Key, leave the “2048 (High Grade)” default option selected.

When you click continue, it will first generate your Client Certificate, this is attached to your browser purely for authentication with StartSSL.

You will then be asked for the Domain you wish to create the private key for, and to verify your ownership via email, enter the emailed verification code to continue.

Add a password and accept the defaults for key to be created, at the next step the Private Key is created, copy the text in the box (“—–BEGIN RSA PRIVATE KEY—- to and including —–END RSA PRIVATE KEY—–”) and save in a txt file using a simple text editor such as notepad in a file named ssl.key.

On the next page you will be asked to add one sub-domain, in most cases that is just www.

On the next page will create the signing certificate.

Once they have approved your certificate you will be able to collect it by clicking “retrieve certificate” within the “toolbox” menu returning to, choosing the domains certificate from the drop-down click continue, copy the content to a file named ssl.crt

If you need to decrypt your ssl.key and have openssl installed on your system, you can run

openssl rsa -in ssl.key -out decrypted-ssl.key

Alternatively there are some online ssl key decryptors available.

It is contents of those two recently created files (ssl.key (or decrypted-ssl.key) and ssl.crt) that you will need.

One thought on “Creating a simple SSL Private Key and Certificate for HTTPS use, using StartSSL’s free service”

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.