Tuesday, August 9, 2011

Renew SSL certificate from StartSSL



1) The class 1 web server SSL certificate from StartSSL is free and needs to be renewed every year. Two weeks before the SSL certificate expires, you will receive an email notification. Before you can renew, you need to validate your email address again, because an email validation is only valid for 30 days.
(Go to the control panel at www.startssl.com, click Authenticate, click Validations Wizard, and click Email Validation.)

2) You may also need to renew the S/MIME authentication certificate, which is only valid for one year. If you fail to renew it, you may not be able to enter your account.
(Go to the control panel at www.startssl.com, click Authenticate, click Certificate Wizards, and click renew S/MIME authentication certificate.)

3) Now you can renew your web server SSL.
Go to the control panel at www.startssl.com, click Authenticate, click Certificate Wizards, and click Web Server SSL/TLS Certificate. Following the instructions, copy the private key and save it as ssl.key. Then run the following command:
openssl rsa -in ssl.key -out ssl.key
You can also click Decrypt Private Key in Toolbox, which does the same thing as the above command. If you make a copy-and-paste error (for example, I missed a dash - in the first line), you will get the following error message:
"unable to load Private Key
15632:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:647:
Expecting: ANY PRIVATE KEY"
In this case, you have to create a new certificate, either by requesting revocation (which isn't free of charge) or by using a different subdomain.


4) Click Retrieve Certificate in Toolbox to get ssl.crt.
Click StartCom Root CA (PEM encoded) in StartCom CA Certificates (left menu) to get ca.pem;
Click Class 1 Intermediate Server CA in StartCom CA Certificates (left menu) to get sub.class1.server.ca.pem.

5) Install your ssl.key, ssl.crt, ca.pem and sub.class1.server.ca.pem in your web server's SSL directory and restart your web server.

6) To check the SSL certificate on your web server, go to an SSL checker and enter your https website, or left-click in your browser on your https website, click More Information, and then View Certificate.
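
The checks below are an added example, not part of the original post. Run before the restart in step 5, they confirm that ssl.key loads without a passphrase (which catches the paste error from step 3), that ssl.crt belongs to that key, that the certificate is not within two weeks of expiring, and that it chains to ca.pem through sub.class1.server.ca.pem. The function names are this example's own; the file names are the ones used above.

```shell
#!/bin/sh
# Added example: sanity checks for the files from steps 3 and 4.
# Function names and the 14-day window are choices of this example.

# Succeeds if the private key parses and needs no passphrase. Fails on a
# still-encrypted key and on a paste error such as a missing dash.
key_loads() {
    openssl pkey -in "$1" -noout -passin pass: >/dev/null 2>&1
}

# Succeeds if certificate $1 and private key $2 carry the same public key.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -pubkey -noout 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout -passin pass: 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Succeeds if certificate $1 is still valid $2 days from now.
cert_valid_for() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# Succeeds if certificate $1 chains to root $2 through intermediate $3.
chain_verifies() {
    openssl verify -CAfile "$2" -untrusted "$3" "$1" >/dev/null 2>&1
}

# Runs one check and prints its name with the result.
report() {
    if "$@"; then echo "ok   $1"; else echo "FAIL $1"; return 1; fi
}

# Usage: preinstall_check ssl.key ssl.crt ca.pem sub.class1.server.ca.pem
# Returns non-zero if any check fails.
preinstall_check() {
    rc=0
    report key_loads "$1" || rc=1
    report cert_matches_key "$2" "$1" || rc=1
    report cert_valid_for "$2" 14 || rc=1
    report chain_verifies "$2" "$3" "$4" || rc=1
    return "$rc"
}
```

A failing cert_valid_for means the certificate expires within 14 days, the same window in which StartSSL sends its renewal reminder.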





3 comments:

  1. As a small business owner, I have had trouble in acquiring free SSL certification, finding a cost effective product distribution method, online retail is incredibly complicated, thanks for the advice regarding the SSL certification.

  2. This blog entry is useful to me every 365 days :). Thanks so much for writing it!

  3. When - like in my case - the personal certificate was stupidly lost, will it be possible after some days to renew the expired class 1 TLS certificate for my subdomain or never?
