This site (and my other projects) used free SSL certificates from StartCom (aka startssl). Beginning last fall, Google, Apple, Mozilla, etc began distrusting the StartCom root certificate -- https://security.googleblog.com/2016/10 ... rtcom.html. This results in SSL certificate validity errors when opening this and other web pages.
This isn't a high-level commerce, banking, personal info, etc. site, yet I still wish to offer a SSL connection for users. Purchasing SSL certs for $$ annually isn't a viable option, so I opted for a self-signed certificate, which is used across the kc9uhi.net domain.
This offers two options to users -- click through the "certificate validity" / "non-trusted" errors, or install the kc9uhi-ca root certificate.
To install the root certificate, download it at http://qth.kc9uhi.net/ca.crt and use your operating system's certificate manager to install it in an appropriate trusted certificate store. Alternatively, download the zip file of certificate and one-line batch file to install the certificate for you -- http://qth.kc9uhi.net/ca.zip.
StartCom certificates distrusted
Re: StartCom certificates distrusted
10-4
Since you started doing SSL, it seems getting free certificates is a bit more common placed. I assume you already know about:
https://certbot.eff.org/
Since you started doing SSL, it seems getting free certificates is a bit more common placed. I assume you already know about:
https://certbot.eff.org/
Re: StartCom certificates distrusted
Switched to Let's Encrypt / certbot
Most of my internal stuff still runs on kc9uhi-ca certs, but I think I've got the public stuff switched over.
Most of my internal stuff still runs on kc9uhi-ca certs, but I think I've got the public stuff switched over.
Who is online
Users browsing this forum: No registered users and 2 guests