Setting up SSL on my server

This website now has a valid Class 1 SSL Certificate! And this came at no cost (monetarily) to myself, thanks to StartSSL, which gives away free Class 1 certificates to anyone who wants one and can verify ownership of a domain.

This wouldn't be a big deal in and of itself, as you can easily create your own certificate authority, site cert, and private key.

The reason it is important is that, unlike a personally crafted SSL certificate, one issued by StartSSL chains to a Certificate Authority (CA) that is trusted in all major browsers. So when a user browses to your site, their connection is transparently encrypted.

If you simply uploaded your own certificate, every user would see a trust warning and would have to manually accept the possible security problem. Not only does this require a user to know how to do that, it also requires that they disregard a possible man-in-the-middle attack, since this is the exact same warning that would show up if someone else created their own man-in-the-middle security certificate.
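The following is an added example, not part of the original post. It shows why the warning cannot be safely clicked through: a client checking against its default trust store gets the same verification error for the site owner's self-signed certificate and for one anyone else generated with the same name. The host name `example.test` and the labels `owner` and `impostor` are constructed for the demonstration, and the `openssl` command-line tool is assumed to be installed.

```shell
#!/bin/sh
# Added example. example.test, "owner" and "impostor" are constructed names.
workdir=$(mktemp -d)
trap 'rm -rf "$workdir"' EXIT

# Create a throwaway self-signed certificate for CN=example.test.
make_self_signed() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=example.test" \
    -keyout "$workdir/$1.key" -out "$workdir/$1.crt" 2>/dev/null
}

# Print "OK", or "error N" with OpenSSL's verification error number.
# Extra arguments (such as -CAfile) are passed through to openssl verify.
verify_result() {
  cert=$1; shift
  out=$(openssl verify "$@" "$cert" 2>&1) || true
  case $out in
    *": OK"*) echo "OK" ;;
    *) echo "$out" | sed -n 's/.*error \([0-9][0-9]*\) at.*/error \1/p' | head -n 1 ;;
  esac
}

make_self_signed owner      # what the site operator would install
make_self_signed impostor   # what anyone else could generate for the same name

# Default trust store: both fail identically (error 18 = self-signed leaf),
# so the warning carries no information about who made the certificate.
echo "owner,    default trust: $(verify_result "$workdir/owner.crt")"
echo "impostor, default trust: $(verify_result "$workdir/impostor.crt")"

# Only trust established out of band tells them apart: with the owner's
# certificate supplied as the trust anchor, the owner verifies and the
# impostor still does not.
echo "owner,    owner trusted: $(verify_result "$workdir/owner.crt" -CAfile "$workdir/owner.crt")"
echo "impostor, owner trusted: $(verify_result "$workdir/impostor.crt" -CAfile "$workdir/owner.crt")"
```

A certificate from a browser-trusted CA removes the need for that out-of-band step, which is the difference the post describes.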

StartSSL verifies ownership of a domain by sending an email to the Otherwise, you could sign up for any website certificate, and you would be able to perform your own man-in-the-middle attack without anyone knowing (that is, until one of the billion internet users realized this, and caused an uproar that would result in StartSSL being revoked as a trusted CA).

So why did I get a security certificate? Mainly because I could. I certainly don't plan on selling anything, and as of now I don't have any logins for users (other than myself). But it is fun knowing that I can browse to my brand new domain, hosted on my very own, self-managed VPS, and see an encrypted page with no security warning. It may be peanuts to a seasoned admin, but I'm having fun building my very own website and server from scratch.


You killed off StartCOM CA, so now you have to pay for your own certs.