StartCom certificates distrusted

Anything that doesn't seem to fit elsewhere
Post Reply
kc9uhi
Site Admin
Posts: 107
Joined: Mon Dec 02, 2013 10:46 pm

StartCom certificates distrusted

Post by kc9uhi » Mon Apr 17, 2017 12:12 pm

This site (and my other projects) used free SSL certificates from StartCom (aka startssl). Beginning last fall, Google, Apple, Mozilla, etc began distrusting the StartCom root certificate -- https://security.googleblog.com/2016/10 ... rtcom.html. This results in SSL certificate validity errors when opening this and other web pages.

This isn't a high-level commerce, banking, personal info, etc. site, yet I still wish to offer a SSL connection for users. Purchasing SSL certs for $$ annually isn't a viable option, so I opted for a self-signed certificate, which is used across the kc9uhi.net domain.

This offers two options to users -- click through the "certificate validity" / "non-trusted" errors, or install the kc9uhi-ca root certificate.

To install the root certificate, download it at http://qth.kc9uhi.net/ca.crt and use your operating system's certificate manager to install it in an appropriate trusted certificate store. Alternatively, download the zip file of certificate and one-line batch file to install the certificate for you -- http://qth.kc9uhi.net/ca.zip.

User avatar
kb9mwr
Posts: 128
Joined: Tue Dec 03, 2013 10:59 am

Re: StartCom certificates distrusted

Post by kb9mwr » Mon Apr 17, 2017 9:19 pm

10-4

Since you started doing SSL, it seems getting free certificates is a bit more common placed. I assume you already know about:

https://certbot.eff.org/

kc9uhi
Site Admin
Posts: 107
Joined: Mon Dec 02, 2013 10:46 pm

Re: StartCom certificates distrusted

Post by kc9uhi » Fri Aug 11, 2017 12:26 am

Switched to Let's Encrypt / certbot

Most of my internal stuff still runs on kc9uhi-ca certs, but I think I've got the public stuff switched over.

Post Reply

Who is online

Users browsing this forum: No registered users and 4 guests