Once upon a time I used self signed certificates for this site. And it was good. Of course it meant that you had to accept the site certificate manually and it appeared that it would cause a couple applications to quietly fail.
Why anything related to SSL quietly fails is simply beyond me…
For the most part this worked out pretty well. After all this is a small little personal site and nothing of major significance. So for me and a few friends and the occasional visitor it appeared to be more work then necessary and of course there was the cost involved for the signing of the certificate. To date the best price, if you have to pay, for signing is from GoDaddy.com for around $10 for a single host.domain cert (Though in checking for this post it appears to have increased to $12.99.)
Again, this wasn’t a big deal for me and I decided that I could find something more useful to do with the money (Like purchasing lunch or a bit of gas!) and left life as it was. But eventually I wanted to get the Hack And Beer site up and going on its own. Because I was planning on using WordPresss I wanted to use SSL encryption to secure the login process I needed to generate another certificate or modify the existing cert to list the hack and beer names as other acceptable names.
As I wanted to keep the two very separate the option of using the same cert was less then desirable. Give that the host name is recorded in the certificate I did want to get an additional IP and as it turns out, my VPS provider requires a non-self signed SSL/TLS cert as verification of technical needs.
D’oh!
After a couple weeks I gave up on moved on and just pushed this to the side. But a week or two later a friend decided to do something similar on the same VPS and noticed that they would accept certificates signed by StartCom. StartCom is an SSL Certificate provider out of Israel that will give a class 1 certificate to anyone that wants one. This is a “low level” trusted certificate that will contain the domain and a single host record. The company will give one per domain away to anyone for free of charge, but they do require an account be created as part of the process.
Following the online instructions was easy and in a matter of a few minutes I had a free and signed certificate for my personal site that I can use for the website and the mail server as well as pretty much any other service that I provide.
A few more minutes and I actually removed the pass phrase from the private key that caused Apache to ask for a password when loading.
Hooray!
Now when someone visits https://theadamsresidence.net they will no longer be pestered about the SSL/TLS certificate.
So browse around and enjoy the site!
- Mike
P.S.
The second Go Daddy URL is a link to the site that Go Daddy uses to dish out FREE SSL/TLS certs to Open Source projects.
Websites:
http://www.godaddy.com/Compare/gdcompare_ssl.aspx?isc=sslqgo016b
https://www.godaddy.com/ssl/ssl-open-source.aspx
http://startssl.com
http://httpd.apache.org
