📜 ⬆️ ⬇️

StartSSL or how to get rid of self-signed certificates

I owed a lot of work to self-signed SSL certificates: these are different control panels, mail and application servers. In general, it’s impossible to remember everything, in most cases you can easily get by using self-signed certificates, but even in these cases it is annoying to constantly import them into the browser (sometimes it’s not trivial, like Google Chrome) or an email client (like the Mail App), and if we talk about mail for example, so there is a complete ambush in general, if you have a lot of users, then a certain percentage will surely call you to inform you that they have an error "something about the certificate". Of course, you can teach users to import them, but it's much more pleasant when nothing at all happens. On the other hand, buying a certificate is not a cheap pleasure, at least 15 bucks if you search, it always stopped me, as there seems to be no critical need for a signed certificate, and I don’t want to give my blood notes. So I lived on self-signed certificates from time immemorial.

Most recently, I came across the service https://startssl.com . In short, the service allows you to get a valid SSL certificate absolutely free, such a certificate is recognized by browsers, mail clients and even mobile devices (I have not personally checked).
As I have already said, issuing certificates can be absolutely free, but there are some restrictions, for example, such certificates cannot be used for financial transactions and e-commerce. Also, a certificate revocation will cost you money. You can not create wildcard certificates and valid certificates for multiple domains / subdomains.
At the same time, paid services are also available, after paying a certain amount ($ 49) and passing an identity check, these restrictions will be removed (except for a certificate revocation fee), and you can still receive certificates for free, and they will already contain your details.

I will not tell you how to use their website, since everything is quite simple there.
Just adding the installation of certificates is sometimes not trivial, but it's worth it.

If anyone needs help with installing in postfix, dovecot will be happy to help, write in a personal.

Description of installing certificates in Apache and IIS is on their website.

Have a good transition!

Source: https://habr.com/ru/post/106252/

All Articles