: How to get a free or cheap SSL certificate for your Test / Staging environment? My startup client runs a website at xyz.com, they use HTTPS only. They now introduced a test environment to test
My startup client runs a website at xyz.com, they use HTTPS only.
They now introduced a test environment to test upcoming versions (test.xyz.com). They want to run it under HTTPS as well but they can't afford the costs of a real SSL certificate.
Any advice where to get very cheap TEST-certificates?
Currently we have self-signed certificates in place but as they are not signed by a known root authority the browser always displays an alert where the testing person has to accept the self-signed certificate which is quite annoying...
BEST and FREE Solution (UPDATE)
This is what I have done (Web Application running on Tomcat, running on Ubuntu 14). The solution is free of charge and the resulting HTTPS access is fully trusted and secure (marked as green HTTPS in Google Chrome):
Login to Ubuntu Server via ssh
wget dl.eff.org/certbot-auto chmod a+x certbot-auto
./certbot-auto
./certbot-auto certonly (choose option 2, install manually, not via webroot)
cd /etc/letsencrypt/live/YOURDOMAIN/
openssl pkcs12 -export -in fullchain.pem -inkey privkey.pem -out le-pkcs.p12 -name CERT_ALIAS_NAME (it asks for password, remember it!)
keytool -importkeystore -destkeystore le-keystore.jks -srckeystore le-pkcs.p12 -srcstoretype PKCS12 -srcstorepass PASSWORD -alias CERT_ALIAS_NAME
As a result you get the le-keystore.jks file which you can use from tomcat as usual. The HTTPS is now fully trusted and secure.
Sources:
certbot.eff.org/#ubuntutrusty-other https://maximilian-boehm.com/hp2121/Create-a-Java-Keystore-JKS-from-Let-s-Encrypt-Certificates.htm
More posts by @Pierce454
2 Comments
Sorted by latest first Latest Oldest Best
Great idea to get valid SSL certificate from third-party vendor. However I would like to make you aware before you proceed, You won't be able to get SSL certificate for local domain/ intranet or IP address. You don't need to worry if you want to get it for your live domain.
Your test environment is running on sub-domain (test.xyz.com). You have two options; if number of sub-domains are not going to exceed in future you can get two domain validation certificates (one for xyz.com and second for test.xyz.com). In second scenario, if number of sub-domains may increase in future then you should get one Wildcard certificate, which will allow you to secure all sub-domains under single-domain.
For example: If you get Wildcard SSL for *.xyz.com then it will secure as under,
news.xyz.com
blog.xyz.com
test.xyz.com
photo.xyz.com
anything.xyz.com
Let's Encrypt is a free SSL made by Linux Foundation
There are already some panels that automatically install it in your site, like VestaCP, which also is a free panel
You can also install it manually using certbot as long as your hosting provides you SSH access.
Concrete steps (added by baszero)
This is what I have done (Web Application running on Tomcat, running on Ubuntu 14). The solution is free of charge and the resulting HTTPS access is fully trusted and secure (marked as green HTTPS in Google Chrome):
Login to Ubuntu Server via ssh
wget dl.eff.org/certbot-auto chmod a+x certbot-auto
./certbot-auto
./certbot-auto certonly (choose option 2, install manually, not via webroot)
cd /etc/letsencrypt/live/YOURDOMAIN/
openssl pkcs12 -export -in fullchain.pem -inkey privkey.pem -out le-pkcs.p12 -name CERT_ALIAS_NAME (it asks for password, remember it!)
keytool -importkeystore -destkeystore le-keystore.jks -srckeystore le-pkcs.p12 -srcstoretype PKCS12 -srcstorepass PASSWORD -alias CERT_ALIAS_NAME
As a result you get the le-keystore.jks file which you can use from tomcat as usual. The HTTPS is now fully trusted and secure.
Sources:
certbot.eff.org/#ubuntutrusty-other https://maximilian-boehm.com/hp2121/Create-a-Java-Keystore-JKS-from-Let-s-Encrypt-Certificates.htm
Terms of Use Create Support ticket Your support tickets Stock Market News! © vmapp.org2024 All Rights reserved.