February, 2010 – Graham Miln

A better source of SSL certificates

I am no fan of Certificate Authorities (CA) but they seem necessary to work with in order to offer secure services. Certificate Authorities are the organisations that deal with certificates needed for Secure Sockets Layer (SSL) connections – the connections in your browser that show a padlock.

Thus, I was delighted to find StartSSL’s offerings. The prices are good and the service has been great.

I had trouble getting the sign up process working with Safari 4 on Mac OS X, and needed help to rectify the resulting problems. Within an hour or two all was put right and DssW’s Reseller site now has a new SSL certificate.

I experienced problems when setting up the site’s authentication certificate and keys. Keychain appeared to get confused at some stage and I was left locked out of my original account.

If you decide to try StartSSL from Mac OS X, I recommend using FireFox. I found Safari’s tight integration with Keychain to be counter productive. FireFox avoided Keychain’s problems and gave me control over where the keys and certificates ended up.

Ultimately, I want DssW’s keys and certificates stored in separate keychains or files, and not lumped into my personal login keychain.

Try following Glenn Fleishman’s article “How to obtain and install an SSL/TLS certificate, for free” from ars technica for the smoothest experience.