20 May, 2015
This site (jimmyg.org) has been running on http for a long time (since about 1999 actually, and on a different domain since 1996). I thought it was about time to go secure, so from today, all URLs that used to point to http://jimmyg.org will get redirected to their https equivalent.
I'm using a free certificate from StartSSL. They require your home address, email, and phone number and it isn't entirely clear from the terms why, but there you go. The process was painless enough, with lots of verification stages, and for some reason I have to create a certificate for md_code(www.jimmyg.org) as well as md_code(jimmyg.org) but that's not really a problem.
I'm hosting the site with WebFaction so they do the actual setup via a support ticket. The site will be served over SNI. It will be interesting to see if there are many issues with such a free approach, and without using a dedicated IP!
Update: Now the SSL certificate is up, you can verify it at this URL: https://www.digicert.com/help/?host=jimmyg.org
If you want to get an StartSSL certificate yourself you'll need to follow their instructions and give you provider the following files:
ssl.crt
ssl.key
sub.class1.server.ca.pem
ca.pem
The first two (md_code(ssl.crt) and md_code(ssl.key)) are of critical importance, they are your SSL certificate and private key with the password removed. The other two are publicly available on the website of StartSSL, so your hosting provider could always have fetched them themselves, but it helps to provide them.
Thanks to Peter D from Webfaction for his advice with this.
It is also worth backing up the client certificate the StartSSL process installs in your browser. Since there are no logins on the site, this is what allows you to access your control panel. Specifically, you seem to need the certificate named with the email address you verified when you registered (not the one you used to confirm you owned the domain).
Copyright James Gardner 1996-2020 All Rights Reserved. Admin.