How To Get A Free SSL Certificate in 2022June 27, 2022
Certain 3rd-party companies are mentioned throughout this post. No compensation of any kind is received by Madole Labs from these organizations. This blog post remains an opinion piece with the purpose of educating readers. Please conduct your own due diligence before working with any of the companies mentioned.
Whether you are an enterprise or a hobbyist with a one-page website, security is no longer considered optional on the world wide web. If a web user doesn’t see a padlock beside your web address, there is a high probability they will bounce. So how do you protect visitors as they browse your website and reassure them your site is secure? The answer is a Secure Sockets Layer (SSL) certificate. Read on as we tell you How To Get A Free SSL Certificate!
An SSL certificate keeps visitors’ sensitive information secure as they visit pages, read posts, submit information through forms, or purchase products. In this post, you’ll learn everything you need about SSL certificates and how to implement Cloudflare‘s offering for free.
Why Do I Need An SSL Certificate?
Anytime a visitor comes to your website, data is transferred from your device to servers before it reaches its final destination. Your visitors expect you to keep that data secure. Without a secure connection, the data they share with you is at risk of falling into the wrong hands — compromising their privacy — which could mean severe consequences for them and you.
In short, your site needs to have SSL. This added layer of security encrypts information and protects you from data breaches. It reassures visitors that they can trust you with sensitive information. Not to mention, SSL improves your ranking in search results.
How SSL Certificates Work
SSL certificates are more than just a padlock on a web browser. To provide an overview of how SSL certificates work, let’s examine how you are visiting our great blog at MadoleLabs.com.
Whether you typed “madolelabs.com” into your web browser or came to us via a search engine such as Google or Bing, your web browser conducted a verification before even displaying our webpage. While your browser loads the site, your device receives Madole Labs’ SSL certificate through a public key and verifies it with the certificate authority.
Once verification is completed, your device and the Madole Labs server agree that everything is legitimate. They form a connection which is called a handshake.
Through the established handshake, your device and the madolelabs.com server decide on the encryption they’ll use to transmit data back and forth securely. What makes this connection secure is the coding and decoding of information while it is in transit between the computer and the server. The timeframe where security attacks are prone is when the data is moving from one place to the next (in transit), so scrambling the information in an encrypted hash or private key keeps everything secure until it gets where it needs to be. Note, that no data has been sent yet.
Once the data is decrypted by your device using the private key, a lock icon appears next to the website’s name in the browser’s search bar.
You can browse madolelabs.com, knowing that any data you share is safe and won’t be intercepted by malicious hackers.
Cost Of An SSL Certificate
There is a wide range of costs for an SSL certificate. The right choice all depends on the level of security you require. The types of SSL certificates, ranging from general security to highest level of security (and, generally, lowest to highest in price) are:
Domain Validated (DV) Certificates: For sites, such as blogs or small business websites. Should be considered for sites that don’t exchange any customer information.
Organization Validated (OV) Certificates: For sites, such as business websites with forms and lead capture capabilities. Still consider only if your site does not exchange sensitive customer information.
Extended Validated (EV) Certificates: For the highest level of security. Websites that will handle sensitive information such as financial transactions.
The type of SSL certificate you choose depends on your users’ actions on your site. SSL certificates can be expensive if you don’t know where to look or what you’re buying.
Once you choose the type of certificate you require, you can shop for Certificate Authorities that offer SSL certificates at that level.
How To Get A Free SSL Certificate from Cloudflare
Founded in 2010, Cloudflare is a US-based content delivery network (CDN) that also provides distributed denial-of-service protection to online domains, speed optimization, and various cybersecurity services.
If your domain is registered with another provider such as Google or GoDaddy, you will need to point your nameservers to Cloudflare. Cloudflare provides directions here on how to do so. For simplicity, I recommend transferring your domain to Cloudflare so it is one less place you need to visit to manage your domain in the future.
If you host your own website on your own computer, server, or NAS, and want to secure it with an SSL certificate, here are the steps you should follow to do so:
- Visit https://www.cloudflare.com. If you are not registered, click the Sign Up link located at the top-right of the page, and fill out the required information. If you are registered, simply Log In.
- In the Websites section, click the Add a Site button as shown below.
- Enter in your domain, then click the Add site button.
- Click Get Started under the Free plan option. After all, that is the point of this article…FREE!
Cloudflare will then go out to the internet, and search for the existing domain. Once found, it will display all current DNS records, and ask you to view them to ensure they are accurate. You will also have an opportunity to add new ones. Don’t worry, even by continuing to the next step, nothing will happen to your current settings.
- Click Continue at the bottom.
You will now be provided instructions on how to change your nameservers at your current registrar. Once you commit your nameserver change, all DNS records will then be managed by Cloudflare. It depends on your existing registrar on how long the change will take. Regardless, no services will be impacted as your DNS records at your old registrar are an exact duplicate at Cloudflare. Be aware the nameserver change could take as long as 24 hours to commit.
After the nameserver change has committed, go back to your Cloudflare dashboard, and under websites, click the domain name you wish to secure with an SSL certificate. A new dashboard will be displayed.
- Select the SSL/TLS option to be brought to the Overview page. As stated earlier, this article assumes you have your own hardware for hosting your website. It could be a Windows desktop running IIS, a Linux server running Apache, a Synology NAS, or any other hardware/software combination capable of hosting a website.
- The most secure option is Full (strict) which ensures a fully secure handshake between a visitors browser and your web server. Choose that radio option.
The Full (strict) option requires you are running what is called an Origin Server. An origin server is a computer running one or more programs that are designed to listen for and process incoming internet requests. This server will require a TLS certificate installed on it, which Cloudflare provides for free.
- Click Origin Server under the SSL/TLS menu heading. In the new screen, click the Create Certificate button.
We now have to take the steps to create our certificate. In order to do so, we will need to create a private key and a Certificate Signing Request (CSR). You can provide your own CSR if you wish, but I have found it much easier to use one generated by Cloudflare.
- Leave the default of Generate private key and CSR with Cloudflare option selected. The default in the dropdown is RSA (2048). Leave that selected.
- In the second section you are asked to enter in your hostnames. The easiest option is to make two entries to capture any and all permutations for your domain. For instance, if I were looking to secure MadoleLabs.com, I would enter in *.madolelabs.com and madolelabs.com. You will find Cloudflare displays these two by default.
- Lastly, how long do you want your certificate for? You can select as little as 7 days and as much as 15 years!
- Once the options are entered, click Create at the bottom.
You will be shown both your Origin Certificate and your Private Key. DO NOT LEAVE THIS SCREEN. This is the only time the Private Key will be shown. If you do navigate away without capturing the private key contents, you will have to create a brand new certificate.
- Leave PEM selected under Key Format.
- Click the Click to copy option under Origin Certificate. This will copy the contents over to your clipboard.
- Assuming you are using Windows, open up Notepad, and paste the contents into the window. Save the text file with any name you wish, but ensure the extension is .crt. This will tell your web server this is the origin certificate file.
- Copy and paste the contents of Private Key into a brand new Notepad window. Save this new file with any file name you wish, but this time the file extension must be .key. This tells your web server this is the private key file.
- Once you have saved both the .crt and .key files to your computer, it is safe to navigate away from the Cloudflare SSL/TLS window.
Upload both files to your web server using the proper method for your installed web server. Once installed, you now have a free website certificate for your self-hosted website. Test it by going to your website with the https:// prefix. You should see your site appear with a padlock next to your domain name.
We appreciate you visiting Madole Labs as your trusted source of how-to’s. If you have any questions, please leave them in the comments section below.