StartCom certificates distrusted
Posted: Mon Apr 17, 2017 12:12 pm
This site (and my other projects) used free SSL certificates from StartCom (aka startssl). Beginning last fall, Google, Apple, Mozilla, etc began distrusting the StartCom root certificate -- https://security.googleblog.com/2016/10 ... rtcom.html. This results in SSL certificate validity errors when opening this and other web pages.
This isn't a high-level commerce, banking, personal info, etc. site, yet I still wish to offer a SSL connection for users. Purchasing SSL certs for $$ annually isn't a viable option, so I opted for a self-signed certificate, which is used across the kc9uhi.net domain.
This offers two options to users -- click through the "certificate validity" / "non-trusted" errors, or install the kc9uhi-ca root certificate.
To install the root certificate, download it at http://qth.kc9uhi.net/ca.crt and use your operating system's certificate manager to install it in an appropriate trusted certificate store. Alternatively, download the zip file of certificate and one-line batch file to install the certificate for you -- http://qth.kc9uhi.net/ca.zip.
This isn't a high-level commerce, banking, personal info, etc. site, yet I still wish to offer a SSL connection for users. Purchasing SSL certs for $$ annually isn't a viable option, so I opted for a self-signed certificate, which is used across the kc9uhi.net domain.
This offers two options to users -- click through the "certificate validity" / "non-trusted" errors, or install the kc9uhi-ca root certificate.
To install the root certificate, download it at http://qth.kc9uhi.net/ca.crt and use your operating system's certificate manager to install it in an appropriate trusted certificate store. Alternatively, download the zip file of certificate and one-line batch file to install the certificate for you -- http://qth.kc9uhi.net/ca.zip.