Mobile app version of vmapp.org
Login or Join
Pierce454

: How to get a free or cheap SSL certificate for your Test / Staging environment? My startup client runs a website at xyz.com, they use HTTPS only. They now introduced a test environment to test

@Pierce454

Posted in: #Https #SecurityCertificate

My startup client runs a website at xyz.com, they use HTTPS only.
They now introduced a test environment to test upcoming versions (test.xyz.com). They want to run it under HTTPS as well but they can't afford the costs of a real SSL certificate.

Any advice where to get very cheap TEST-certificates?

Currently we have self-signed certificates in place but as they are not signed by a known root authority the browser always displays an alert where the testing person has to accept the self-signed certificate which is quite annoying...

BEST and FREE Solution (UPDATE)
This is what I have done (Web Application running on Tomcat, running on Ubuntu 14). The solution is free of charge and the resulting HTTPS access is fully trusted and secure (marked as green HTTPS in Google Chrome):


Login to Ubuntu Server via ssh
wget dl.eff.org/certbot-auto chmod a+x certbot-auto
./certbot-auto
./certbot-auto certonly (choose option 2, install manually, not via webroot)
cd /etc/letsencrypt/live/YOURDOMAIN/
openssl pkcs12 -export -in fullchain.pem -inkey privkey.pem -out le-pkcs.p12 -name CERT_ALIAS_NAME (it asks for password, remember it!)
keytool -importkeystore -destkeystore le-keystore.jks -srckeystore le-pkcs.p12 -srcstoretype PKCS12 -srcstorepass PASSWORD -alias CERT_ALIAS_NAME


As a result you get the le-keystore.jks file which you can use from tomcat as usual. The HTTPS is now fully trusted and secure.

Sources:

certbot.eff.org/#ubuntutrusty-other https://maximilian-boehm.com/hp2121/Create-a-Java-Keystore-JKS-from-Let-s-Encrypt-Certificates.htm

10.02% popularity Vote Up Vote Down


Login to follow query

More posts by @Pierce454

2 Comments

Sorted by latest first Latest Oldest Best

 

@Angela700

Great idea to get valid SSL certificate from third-party vendor. However I would like to make you aware before you proceed, You won't be able to get SSL certificate for local domain/ intranet or IP address. You don't need to worry if you want to get it for your live domain.

Your test environment is running on sub-domain (test.xyz.com). You have two options; if number of sub-domains are not going to exceed in future you can get two domain validation certificates (one for xyz.com and second for test.xyz.com). In second scenario, if number of sub-domains may increase in future then you should get one Wildcard certificate, which will allow you to secure all sub-domains under single-domain.


For example: If you get Wildcard SSL for *.xyz.com then it will secure as under,

news.xyz.com

blog.xyz.com

test.xyz.com

photo.xyz.com

anything.xyz.com

10% popularity Vote Up Vote Down


 

@Murray155

Let's Encrypt is a free SSL made by Linux Foundation

There are already some panels that automatically install it in your site, like VestaCP, which also is a free panel

You can also install it manually using certbot as long as your hosting provides you SSH access.

Concrete steps (added by baszero)
This is what I have done (Web Application running on Tomcat, running on Ubuntu 14). The solution is free of charge and the resulting HTTPS access is fully trusted and secure (marked as green HTTPS in Google Chrome):


Login to Ubuntu Server via ssh
wget dl.eff.org/certbot-auto chmod a+x certbot-auto
./certbot-auto
./certbot-auto certonly (choose option 2, install manually, not via webroot)
cd /etc/letsencrypt/live/YOURDOMAIN/
openssl pkcs12 -export -in fullchain.pem -inkey privkey.pem -out le-pkcs.p12 -name CERT_ALIAS_NAME (it asks for password, remember it!)
keytool -importkeystore -destkeystore le-keystore.jks -srckeystore le-pkcs.p12 -srcstoretype PKCS12 -srcstorepass PASSWORD -alias CERT_ALIAS_NAME


As a result you get the le-keystore.jks file which you can use from tomcat as usual. The HTTPS is now fully trusted and secure.

Sources:

certbot.eff.org/#ubuntutrusty-other https://maximilian-boehm.com/hp2121/Create-a-Java-Keystore-JKS-from-Let-s-Encrypt-Certificates.htm

10% popularity Vote Up Vote Down


Back to top | Use Dark Theme