Can I get a non-self-assigned and free Web server SSL/TLS certificates for my https websites?
Asking the users to accept the self-assigned SSL certificates for my websites is not very convenient.
As far as I know, StartSSL is the only free SSL/TLS certificate provider for https websites that is accepted widely by modern browsers.
The StartSSL™ Free (Class 1) certificates are domain or email
validated and mostly referred to as the free certificates. Because the
checks are performed mostly by electronic means, they require only
minimal human intervention from our side. The validations are here to
make sure, that the subscriber is the owner of the domain name, resp.
email account. You may find additional information on this subject in
our CA policy.
But note that StartSSL users are required to have certain technical levels. Possibly you will learn the “client cert authentication” as a StartSSL user as client cert authentication is not commonly used for normal and widely used websites like Facebook, Twitter, Google and etc.
For a tutorials on registering on StartSSL, please check the first parts of How To Set Up Apache with a Free Signed SSL Certificate on a VPS or Switch to HTTPS Now, For Free.
One problem accessing https://auth.startssl.com with message:
Secure Connection Failed An error occurred during a connection to
auth.startssl.com. Peer does not recognize and trust the CA that
issued your certificate. (Error code: ssl_error_unknown_ca_alert)
The fix is to remove incorrectly imported CA certificate from StartSSL:
Please remove all CA certificates marked with “Software Security
Device” from “Advanced” -> “Encryption” -> “View Certificates”, choose
the “Authorities” tab. You must have imported a CA certificate from us
incorrectly into your browser.
For Chrome, the method is similar but the menus and names are a bit different.
Another good tutorial I found on the Web about StartSSL certificate application: