Setting up SSL on my server

This website now has a valid Class 1 SSL Certificate! And this came at no cost (monetarily) to myself, thanks to www.startssl.com. StartSSL gives away free Class 1 certificates to anyone who wants one and can verify ownership of a domain.

This wouldn't be a big deal in and of itself, as you can easily create your own certificate authority, site cert, and private key.

The reason it is important is that, unlike a personally crafted SSL certificate, StartSSL is a trusted Certificate Authority (CA) in all major browsers. So when a user browses to your site, they are transparently encrypted.

If you simply upload your own certificate, every user would see a trust warning and would have to manually accept the possible security problem. Not only does this require a user to know how to do that, it also requires that they disregard a possible man-in-the-middle attack, since this is the exact same warning that would show up if someone else created their own man-in-the-middle security certificate.

StartSSL verifies ownership of a domain by sending an email to the postmaster@yourdomain.com. Otherwise, you could sign up for any website certificate, and you would be able to perform your own man-in-the-middle attack without anyone knowing (that is, until one of the billion internet users realized this, and caused an uproar that would result in StartSSL being revoked as a trusted CA).

So why did I get a security certificate? Mainly because I could. I certainly don't plan on selling anything, and as of now I don't have any logins for users (other than myself). But it is fun knowing that I can browse to my brand new domain, hosted on my very own, self-managed VPS, and see an encrypted page with no security warning. It may be peanuts to a seasoned admin, but I'm having fun building my very own website and server from scratch.

Comments

You killed off StartCOM CA, so now you have to pay for your own certs.