Posted June 13, 201212 yr Hi, I am looking at purchasing a SSL certificate, for my website, mailserver and to familiarise myself with using and deploying SSL I have a few questions - i have found a company offering SSL certificates for just $5/yr. whats the benefits/downfall of getting a cheap certificate. Obviously using mainly for myself and learning i dont want spend 200+ - Can i use a single SSL certificate for Mail, HTTP etc, or are these all specific to the service i want to apply ssl? Thanks
June 13, 201212 yr Honestly I don't know why some companies offer SSL certs for 5$... maybe they work, maybe not... I never tried. Usually I bought certs on godaddy: http://www.godaddy.com/ssl/ssl-certificates.aspx?ci=9039 Have you tried googling the name of the company which sells that cert for 5$? Maybe you can find some unsatisfated user... It's also true that 5$ are almost nothing... and this is for "testing" purpose... so... try it ) you don't have confidential data ) SSL doesn't check the service, it looks at the hostname. If you buy a cert for mail.mydomain.com this will be issued for mail.mydomain.com :) -------------------------------------------------------- Tu peux aussi crire en franais. Du kannst auch auf Deutsch schreiben. Puoi scrivere anche in italiano. --------------------------------------------------------
June 13, 201212 yr Author Thanks for your reply, Judging by reviews, the look very good. So i might just go ahead and get myself a SSL certificate and then i have SSL for my website and MAIL. :) Thanks!
June 14, 201212 yr FPCH Admin I buy my certs from Namecheap. They cost me $9 per domain per year. There is a bug in IIS when installing certificates. It will error after it reads the CSR. Even though it does error the cert is installed. You have to do a refresh to get it in the list. Off Topic Forum - Unlike the Rest
June 14, 201212 yr Author Thanks for this help guys! This will be useful. Im getting 1 in about 2 hours for 2 years. Should i go with namecheap then? 1 more thing, how to insert? Just IIS management, Server Certificates then Import? cause it asks for the Certificate "file" maybe they issue a download of the certificate when purchased? Thanks!
June 14, 201212 yr It works more or less in this way: You receive a cert, open IIS import and give the file just received. The auth process will continue until your cert is confirmed. At this point you should receive something else per e-mail (usually) which is the last part of your file. Upload it to IIS and done ) -------------------------------------------------------- Tu peux aussi crire en franais. Du kannst auch auf Deutsch schreiben. Puoi scrivere anche in italiano. --------------------------------------------------------
June 14, 201212 yr Author Thanks, just purchased and here where im stuck on the site activating it. Note: If an SSL certificate is being issued for an IDN (Internationalized Domain Name), a "common name" field of a CSR must be a punycode of the domain (also known as ASCII compatible encoding, or ACE) e.g. xn--aussergewhnliches-7zb.com. Including common name in native characters will result in an error. www.domain.com vs. domain.com: For RapidSSL certificate when the SSL certificate is bought for www.example.com, it secures both www.example.com & example.com. If RapidSSL is purchased for example.com it secures only example.com. Please make sure you use correct common name in your CSR. I entered my domain www.megahosting.co.nz and it gives me a error too short! I get this error Error Unable to parse CSR. Error from service provider. More Info:Error Details: -1001: Unable to decode CSR data. Key size may be too large. Thanks!
June 14, 201212 yr Welcome to the beautiful World of certs ) Create a new CSR request from IIS :) -------------------------------------------------------- Tu peux aussi crire en franais. Du kannst auch auf Deutsch schreiben. Puoi scrivere anche in italiano. --------------------------------------------------------
June 14, 201212 yr Author Just a quick thought and question I have generated this CSR for my certificate, however i didnt specify who it was going to ie. cheepssls.com Is this like DNS proporgation where its global? Thanks!
June 14, 201212 yr I think that in your request there's already something that knows where to go :) -------------------------------------------------------- Tu peux aussi crire en franais. Du kannst auch auf Deutsch schreiben. Puoi scrivere anche in italiano. --------------------------------------------------------
June 14, 201212 yr welcome again :) Wait... Wait... Wait... And... Wait... -------------------------------------------------------- Tu peux aussi crire en franais. Du kannst auch auf Deutsch schreiben. Puoi scrivere anche in italiano. --------------------------------------------------------
June 14, 201212 yr Errors on windows side? -------------------------------------------------------- Tu peux aussi crire en franais. Du kannst auch auf Deutsch schreiben. Puoi scrivere anche in italiano. --------------------------------------------------------
June 14, 201212 yr Author No, well this is weird I have to manually go to the website and activate it and enter the CSR. Then i am emailed the cert. So whats the point in sending a request?
June 14, 201212 yr It should be automatic... Bah... -------------------------------------------------------- Tu peux aussi crire en franais. Du kannst auch auf Deutsch schreiben. Puoi scrivere anche in italiano. --------------------------------------------------------
June 14, 201212 yr Author So it appears, with the cheaper ssl certs, that nothing is displayed in the browser to show that my website is SSL secure? Like the pittle green bar before tge address bar Does this sound correct
June 15, 201212 yr Mhhhh no you should see the lock before "HTTPS". If you type HTTPS://yoursite do you have something? -------------------------------------------------------- Tu peux aussi crire en franais. Du kannst auch auf Deutsch schreiben. Puoi scrivere anche in italiano. --------------------------------------------------------
June 15, 201212 yr Author Mhhhh no you should see the lock before "HTTPS". If you type HTTPS://yoursite do you have something? Ok, havnt tried yet as im having isses installing the cert. the intermediate cert is in a different format then iis will let me insert it as, and this is after following the provided instructions. So there will be no green bar correct? Thats for the more expensive certs right?
June 15, 201212 yr Author So chating with tech support again (supply online chat which is quite good). what im having trouble with it getting the cert into a .PFX I have inserted the Imtermediate certificate.But still nothing shows in IIS however i have not imported via a PFX heres the article im following https://knowledge.rapidssl.com/support/ssl-certificate-support/index?page=content&actp=CROSSLINK&id=so16219 Thanks!
June 15, 201212 yr I don't understand what is the green bar you are talking... but now you have the cert installed or not? What happens if you type HTTPS your site.com? -------------------------------------------------------- Tu peux aussi crire en franais. Du kannst auch auf Deutsch schreiben. Puoi scrivere anche in italiano. --------------------------------------------------------
June 16, 201212 yr Author This green bar :) [ATTACH]189.IPB[/ATTACH] i cannot add the binding as its asking for the certificate at which i cannot get installed! Thanks! UPDATE: So heres the thing. Im really having problems with importing this certificate. Usually im quite good at converting file formats etc for different audio and video formats and what not, however, this is really hard. IIS appears to want a PFX format, however i cannot find anyway to convert to a PFX I have opened the MMC snap in console, opened the snap in for certificates, and my certificate is in "Personal" folder. I also had to add something to the "Intermediate Certificate Authorities" Folder. Whys this so hard for me lol? Thanks! ANOTHER UPDATE: I have created a temporary self-signed certificate. You should now be able to reach https://megahosting.co.nz, of course the certificate is not trusted though as its a temporary self-signed cert!
June 16, 201212 yr Yes it works. Ask your SSL provider... Maybe they can give you another format. From what I know you can't convert certs files. -------------------------------------------------------- Tu peux aussi crire en franais. Du kannst auch auf Deutsch schreiben. Puoi scrivere anche in italiano. --------------------------------------------------------