April 16, 2016

Get a free SSL certificate

Sometimes when you work on a PoC for web-based projects using HTTPS, you may want an SSL certificate for testing. You can simply create a self-signed certificate from IIS; however, when you visit a web site that uses a self-signed certificate, you'll see a warning page you must be quite familiar with.

There's a certificate authority called Let's Encrypt that offers free SSL certificates valid for 3 months. That means you'll need to renew the certificate every 3 months, but that's quite enough for a PoC. You can use the Let's Encrypt client to obtain your cert via some command lines. I'm not a fan of the command line, but fortunately I found a website at https://www.sslforfree.com/ built upon Let's Encrypt. By following some simple (but a bit tricky for Windows users) steps, you can get your free cert.
  1. Go to the website, input the domain you would like to create the cert for and click Create Free SSL Certificate

  2. Choose the way of verifying you are the owner of the domain. I haven't tried Automatic FTP Verification, so I'll simply walk through Manual Verification: click Manually Verify Domain

  3. Assuming you are a Windows user, set up an IIS web site. The web site has to be publicly reachable from the internet, with the verification IP address whitelisted (at the time of writing this post, it is this IP address) as mentioned on the page, and the domain has to be bound to the web site
  4. Click Download File #1 and you will get a text file to upload later. The file name and content will be different every time you request a cert
  5. Create a folder named .well-known in the root of the website. Notice that you may get a warning message that stops you.

    Instead, use the folder name .well-known. (with a trailing dot); the folder will be created successfully and the last dot will disappear
  6. Create a folder named acme-challenge under .well-known and copy the downloaded file to acme-challenge
  7. Click the link (for instance, http://test.petekcchen.com/.well-known/acme-challenge/mRIcor-5_-TPKeZJALHjCP4RdZMuchs-3u4XmfHT840) provided on the page. You may see a 404, since the downloaded file does not have an extension and IIS will ignore it. So go to your IIS website and add a MIME type as below
    then you'll be able to see the result

  8. Click Download SSL Certificate and the site will communicate with Let's Encrypt to get the cert for you
  9. Click Download All SSL Certificate Files and you'll get a zip file named sslforfree.zip containing ca_bundle.crt, certificate.crt and private.key

    You can then install certificate.crt on IIS and configure the HTTPS binding. It will work perfectly.
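
Steps 5 to 7 can also be scripted and checked before you click Download SSL Certificate. The PowerShell below is an added example, not part of the original post or of sslforfree.com; the parameter names, the site root path and the `.` to `text/plain` MIME mapping written to `web.config` are assumptions.

```powershell
# Added example: paths and the MIME mapping below are assumptions, not values from the post.
param(
    [Parameter(Mandatory)] [string] $SiteRoot,       # physical path of the IIS site (hypothetical)
    [Parameter(Mandatory)] [string] $ChallengeFile,  # file saved by "Download File #1"
    [Parameter(Mandatory)] [string] $Domain          # domain bound to the site
)
$ErrorActionPreference = 'Stop'

# Steps 5 and 6: New-Item accepts a leading dot, so the trailing-dot trick is not needed here.
$challengeDir = Join-Path $SiteRoot '.well-known\acme-challenge'
New-Item -ItemType Directory -Path $challengeDir -Force | Out-Null

# The file name is the token in the verification URL, so keep it exactly as downloaded.
$token = Split-Path -Path $ChallengeFile -Leaf
Copy-Item -LiteralPath $ChallengeFile -Destination (Join-Path $challengeDir $token) -Force

# Step 7: serve extensionless files as text/plain, but only inside acme-challenge,
# so extensionless files elsewhere on the site stay unserved.
$webConfig = @'
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
  <system.webServer>
    <staticContent>
      <remove fileExtension="." />
      <mimeMap fileExtension="." mimeType="text/plain" />
    </staticContent>
  </system.webServer>
</configuration>
'@
Set-Content -LiteralPath (Join-Path $challengeDir 'web.config') -Value $webConfig -Encoding UTF8

# Pre-flight: fetch the URL the verifier will request and compare it with the downloaded file.
$url      = "http://$Domain/.well-known/acme-challenge/$token"
$expected = (Get-Content -LiteralPath $ChallengeFile -Raw).Trim()
try {
    $response = Invoke-WebRequest -Uri $url -UseBasicParsing
} catch {
    throw "Challenge URL $url is not reachable: $($_.Exception.Message)"
}
$body = $response.Content
if ($body -is [byte[]]) { $body = [System.Text.Encoding]::UTF8.GetString($body) }

# -ceq: the challenge content is case-sensitive, so compare it case-sensitively.
if ($body.Trim() -ceq $expected) {
    Write-Host "OK: $url serves the expected challenge content."
} else {
    throw "Mismatch: $url does not return the content of $ChallengeFile."
}
```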
