March 17th, 2014, 08:29 PM
How to get a SSL key for free?
How can I get a SSL key for little to no cost? I am not worried about limits on the amount of use as if I have much use, I can clearly pay for it.
PS. Any recommendations on any documentation which could walk me into this subject. I currently know next to nothing about it.
March 17th, 2014, 11:14 PM
Just used it this weekend because Gmail wouldn't let me pull mail from my personal mail server into Gmail without a CA-signed certificate and I had no interest in paying for a certificate that literally only I would be using.
What you're looking for is actually a signed certificate, not a key. You create the key on your own. You can create the certificate on your own too, what you're actually paying for is for the CA to verify who you are and give you a signed certificate saying they've identified you. Obviously for a free certificate they don't go through a whole lot of verification, but I can tell you from personal experience that startssl actually does the same level of verification for their free certificate that most other providers do for their entry-level / "domain"-validated certificates.
The process involves:
* Create a keypair
* Create a certificate signing request
* Send the CSR and public key to the CA
* The CA sends you back a signed certificate
* You configure your application with the signed certificate, private key, and a bundle of additional certificates that the CA provides to you
The steps vary depending on your operating system, application and the CA.
March 18th, 2014, 04:51 AM
Your first concern should be the trustworthiness of the CA, not the costs of a certificate. The whole security of TLS depends on whether or not the CA does its job.
The standard certificates from StartSSL or one of the big commercial CAs are on the very low end of trustworthiness. They're automatically signed if somebody makes a request and then confirms the random token from an unencrypted e-mail sent to email@example.com. This is laughable.
The question is: What do you wanna do with the certificate? Who's your audience?
- If you have a limited audience of tech-savvy users, you should create a self-signed certificate and have the users personally verify it. This is by far the most secure solution, because it doesn't involve any third parties at all. This is what you would do for an admin backend, for example.
- If you have a bigger audience of tech-savvy users, I recommend CAcert. This is a non-profit CA with a very rigorous signing procedure. You have to actually meet in person with another member and prove your identity. Unfortunately, most browsers don't have the CAcert root certificates preinstalled, so your users need to manually import it.
- If you have a company website and lots of money (which you said you don't), get extended validation from an external CA. This is also fairly secure and gets you a nice green URL bar.
- If and only if you neither have users with technical knowledge nor the money to pay for extended validation, you have to fall back to an automatically signed certificate. Compare the different CAs and choose wisely. What's their past? Do they take their job seriously?
Like with all security-related infos, it's hard to point to one good source which explains it all in the correct way. I recommend you read up on specific topics and play around with OpenSSL and self-signed certificates before you request a real certificate.
Originally Posted by NotionCommotion
There are basically four things to take care of when dealing with TLS:
- Use RSA with at least 2048 bits. Anything below that is insecure and may not even be accepted by the CA. Personally, I use RSA with 3072 bits which is considered roughly equivalent to common symmetric algorithms like AES-128.
- Generate the private key directly on your server. Don't have it lie around on your PC, but do keep an offline backup.
- If your webserver supports it, encrypt the key and only decrypt it on startup. nginx lets you do this, but I'm not sure about Apache.
- Get your configuration right. Most importantly, turn off insecure algorithms and use Diffie-Hellman key exchange (see Forward Secrecy).
You can create a self-signed test certificate with OpenSSL:
# generate an RSA keypair with 3072 bits and encrypt it
openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:3072 -aes-128-cbc -out server_key.pem
# generate a certificate signing request (a CSR has no validity period, so no -days here)
openssl req -new -key server_key.pem -sha256 -out server_csr.pem
# sign the certificate with the key itself
openssl x509 -req -in server_csr.pem -signkey server_key.pem -sha256 -days 365 -out server_crt.pem
If you use an external CA, you would leave out the third step and send them the request file instead.
You can test your server at https://www.ssllabs.com/ssltest/. Don't worry if you only get 90%, though. They have absurd requirements with regard to key lengths.
Last edited by Jacques1; March 18th, 2014 at 04:55 AM.
March 18th, 2014, 05:57 AM
Thanks for the information, gentlemen.
Not only do I not have any users with technical knowledge, I currently do not have users at all. Hopefully, that will change in about 3 months. For now, I want to learn more and become prepared.
March 19th, 2014, 07:27 AM
If you buy a domain @ namecheap, you can get a positive SSL certificate for 1.99 for the first year. After that it's like 9 bucks a year, I think. Super cheap. Hope that helps.
March 19th, 2014, 08:41 AM
HowTos/Https - CentOS Wiki describes the steps to create a certificate as follows. What is different between this approach and the steps described above?
Originally Posted by Jacques1
# Generate private key
openssl genrsa -out ca.key 2048
# Generate CSR
openssl req -new -key ca.key -out ca.csr
# Generate self-signed certificate
openssl x509 -req -days 365 -in ca.csr -signkey ca.key -out ca.crt
# Copy the files to the correct locations
cp ca.crt /etc/pki/tls/certs
cp ca.key /etc/pki/tls/private/ca.key
cp ca.csr /etc/pki/tls/private/ca.csr
March 19th, 2014, 09:46 AM
The steps are the same: They generate a private RSA key, create a certificate signing request and then sign it with the key itself.
But they use the old genrsa command instead of genpkey, and they do not explicitly specify the algorithms. Unless those are set in the OpenSSL configuration file, they'll end up with the insecure default values.
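An added example that is not code from the thread, illustrating both Jacques1's rules (RSA of at least 2048 bits, SHA-256 signatures) and the point above about unspecified defaults: it builds a self-signed certificate the way the thread describes, then inspects the result so you can see what the generated certificate actually contains. It assumes the openssl command-line tool is installed; the hostname and directory names are constructed for the demo.

```shell
# Added example, not code from the thread: generate a self-signed certificate as the
# posts describe, then check it for a >= 2048-bit RSA key and a SHA-2 signature.
# Assumes the openssl CLI. The key is left unencrypted so the script runs unattended;
# the post's -aes-128-cbc option adds a passphrase, the better choice for a real key.
set -e

# make_selfsigned DIR BITS HOSTNAME: private key -> CSR -> self-signed certificate
make_selfsigned() {
    dir=$1; bits=$2; host=$3
    mkdir -p "$dir"
    openssl genpkey -algorithm RSA -pkeyopt "rsa_keygen_bits:$bits" \
        -out "$dir/server_key.pem" 2>/dev/null
    # a CSR has no validity period, so no -days here; -subj replaces the prompts
    openssl req -new -key "$dir/server_key.pem" -sha256 -subj "/CN=$host" \
        -out "$dir/server_csr.pem" 2>/dev/null
    openssl x509 -req -in "$dir/server_csr.pem" -signkey "$dir/server_key.pem" \
        -sha256 -days 365 -out "$dir/server_crt.pem" 2>/dev/null
}

# cert_key_bits CERT: print the RSA modulus size found in the certificate
cert_key_bits() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p' | head -n 1
}

# cert_sig_alg CERT: print the signature algorithm, e.g. sha256WithRSAEncryption
cert_sig_alg() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/^ *Signature Algorithm: \(.*\)$/\1/p' | head -n 1
}

# check_cert CERT: return 0 only if the key is >= 2048 bits and the signature is SHA-2
check_cert() {
    bits=$(cert_key_bits "$1"); alg=$(cert_sig_alg "$1")
    case "$alg" in
        sha256*|sha384*|sha512*) ;;
        *) echo "WEAK: $1 signed with $alg"; return 1 ;;
    esac
    [ "$bits" -ge 2048 ] || { echo "WEAK: $1 has a $bits-bit RSA key"; return 1; }
    echo "OK: $1 has a $bits-bit RSA key signed with $alg"
}

# demo: a 3072-bit certificate passes, a deliberately weak 1024-bit one is flagged
demo() {
    tmp=$(mktemp -d)
    make_selfsigned "$tmp/good" 3072 www.example.test
    make_selfsigned "$tmp/weak" 1024 www.example.test
    check_cert "$tmp/good/server_crt.pem"
    check_cert "$tmp/weak/server_crt.pem" || true
}
```

Run `demo` to see both verdicts; point `check_cert` at any existing PEM certificate to review what a CA or an old genrsa/req run actually produced.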