Creating a Free Trusted SSL Cert with StartSSL for use with Synctuary Steps along the way: Create a personal cert to identify yourself (used by StartSSL instead of username/password) (Recommended) Save a backup of your personal cert and reimport securely, disallowing private key export Perform domain validation Request cert bound to your server s name Save your Cert, Private Key, and Intermediate Chain Combine into a PKCS12 file (*.p12 or *.pfx) for Synctuary
Creating a Free Trusted SSL Cert with StartSSL for use with Synctuary Steps along the way: Create a personal cert to identify yourself (used by StartSSL instead of username/password) (Recommended) Save a backup of your personal cert and reimport securely, disallowing private key export Perform domain validation Request cert bound to your server s name Save your Cert, Private Key, and Intermediate Chain Combine into a PKCS12 file (*.p12 or *.pfx) for Synctuary
Creating a Free Trusted SSL Cert with StartSSL for use with Synctuary Steps along the way: Create a personal cert to identify yourself (used by StartSSL instead of username/password) (Recommended) Save a backup of your personal cert and reimport securely, disallowing private key export Perform domain validation Request cert bound to your server s name Save your Cert, Private Key, and Intermediate Chain Combine into a PKCS12 file (*.p12 or *.pfx) for Synctuary
Creating a Free Trusted SSL Cert with StartSSL for use with Synctuary Steps along the way: Create a personal cert to identify yourself (used by StartSSL instead of username/password) (Recommended) Save a backup of your personal cert and reimport securely, disallowing private key export Perform domain validation Request cert bound to your server s name Save your Cert, Private Key, and Intermediate Chain Combine into a PKCS12 file (*.p12 or *.pfx) for Synctuary
If using windows, install CygWin and be sure to include the openssl package. https://cygwin.com/install.html If using CygWin, you might want to do something like this: cd /cygdrive/c Now you are working in your C: drive If using Mac or Linux, just go to terminal. Create a private key and certificate signing request (CSR) as follows: openssl req -newkey rsa:3072 -keyout hostname.private.key -out hostname.csr -nodes
Country Name State or Province Name For example, US Must be fully spelled out. For example, New York or California Locality Name Whatever you like. For example San Jose Organization Name Organizational Unit Optional, your company name Optional, company department Common Name You must enter the FQDN of the server. For example, synctuary.example.com Email Address Will be exposed to the internet. Choose wisely. A challenge password An optional company name Just press [Enter] Just press [Enter]
Use a text editor, or cat command, to view the contents of your *.csr file. Paste here
Follow their instructions. Use a text editor to copy & paste the blue text into a *.crt file Right-click and Save As to download the intermediate.
Creating a Free Trusted SSL Cert with StartSSL for use with Synctuary Steps along the way: Create a personal cert to identify yourself (used by StartSSL instead of username/password) (Recommended) Save a backup of your personal cert and reimport securely, disallowing private key export Perform domain validation Request cert bound to your server s name Save your Cert, Private Key, and Intermediate Chain Combine into a PKCS12 file (*.p12 or *.pfx) for Synctuary
Combine the private key, cert, and intermediate, into a single pkcs12 file, with a command like this: openssl pkcs12 -export -out hostname.pfx -inkey hostname.private.key -in yourcertfilename.crt -certfile sub.class1.server.ca.pem The password cannot be blank.
Use the Synctuary Admin Tool to upload the new cert to the server