
  2. 4

    It seems like this person tried to make this process as difficult as possible. Granted it’s not as simple as it probably can be, but there are a lot of steps and verification because that’s the whole point of the SSL racket. You’re doing something that establishes (and can compromise) a large portion of the security of your website, and you’re requiring some other company to verify that you’re authorized to do this for your domain. Sure it seems overkill for a tiny website used by one person, but the same process has to work for huge domains run by multinational corporations.

    You’ve heard of RapidSSL so you go to rapidssl.com. WTF, their price is 49 dollars for a stupid certificate? Your domain name was only 10 dollars.

    So don’t use that website. ssls.com is like $5/year for a cert.

    The certification authority (CA) then needs to receive your public key and then return it signed. You don’t know how to do this, because who does? So you Google and copy and paste command line snippets from a website. Whoops!

    WTF kind of terminal is this guy using that doesn’t support copying and pasting by highlighting text?

    Now you’re presented with a bunch of pointless-looking questions like your country code and your “organization”. Seems pointless, right? Well now I have to live with this confidence-inspiring dialog, because I left off the organization:

    No, it’s because you didn’t get a high-EV cert that verifies your organization, so the cert provider can’t vouch for it. All you’ve done is a domain verification, so that’s what the cert provider vouches for.

    You send in your CRT, finally figure out how to receive mail for hostmaster@yourdomain.org because that’s what “verification” means (not, god forbid, control of the actual web site), and you get back a certificate.

    Again, the same process is used for large domains where hostmaster@ is an important account. Though most providers I’ve used will also accept webmaster@ and a few other addresses.

    And what if instead they go to wobsite.com instead of the www.wobsite.com that you configured? Well, better enable HSTS for the whole site, but to do anything useful with such a web request you’ll need a wildcard certificate to handle the multiple URLs.

    Most SSL providers these days issue the cert to work for the host you specify (with “www.”) and an alias for just the domain without a host, specifically for this reason. You don’t need a wildcard unless you need more than those two in a single cert.

    1. 4

      Copying and pasting commands into the terminal was a reference to http://thejh.net/misc/website-terminal-copy-paste

      1. 1

        Oh, I read that as “Google how to copy and paste command line snippets” and very quickly read that webpage with git commands and thought it was some sort of weird tool to automate copying and pasting, à la pbcopy/pbpaste.
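As an added example (not from this thread or the blog post it discusses), a small Python check for the point made above about “www.” plus bare-domain certificates versus wildcards: given the DNS names in a certificate’s Subject Alternative Name list, which of your hostnames does it actually cover? The SAN lists below are constructed, and wobsite.com is the thread’s placeholder domain.

```python
"""
Which hostnames does a certificate's Subject Alternative Name (SAN) list cover?

A deployer can run this against the DNS names of the cert the CA returned,
before enabling HSTS site-wide, to confirm that both www.wobsite.com and the
bare wobsite.com are covered. Matching follows the usual browser rules
(RFC 6125): a case-insensitive exact DNS-ID match, or a wildcard that stands
alone as the left-most label and never spans a dot.
"""
from typing import Dict, Iterable, List


def _matches(pattern: str, hostname: str) -> bool:
    """True if a single SAN entry (possibly a wildcard) matches hostname."""
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == hostname
    # Only '*' as the whole left-most label is accepted ('w*.example' is not).
    head, sep, tail = pattern.partition(".")
    if head != "*" or not sep or "*" in tail:
        return False
    host_head, host_sep, host_tail = hostname.partition(".")
    # '*.wobsite.com' matches 'www.wobsite.com' but not the bare 'wobsite.com'
    # (nothing for '*' to absorb) nor 'a.b.wobsite.com' (cannot span a dot).
    return bool(host_sep) and host_head != "" and host_tail == tail


def covered_hosts(san_dns_names: Iterable[str], wanted: Iterable[str]) -> Dict[str, bool]:
    """Map each wanted hostname to whether some SAN entry covers it."""
    sans = list(san_dns_names)
    return {h: any(_matches(p, h) for p in sans) for h in wanted}


def missing_hosts(san_dns_names: Iterable[str], wanted: Iterable[str]) -> List[str]:
    """Hostnames from `wanted` that the certificate would NOT be valid for."""
    return [h for h, ok in covered_hosts(san_dns_names, wanted).items() if not ok]


if __name__ == "__main__":
    # Constructed SAN lists for illustration.
    site = ["wobsite.com", "www.wobsite.com"]
    dv_cert_sans = ["www.wobsite.com", "wobsite.com"]  # what most DV issuers return
    wildcard_sans = ["*.wobsite.com"]                  # a wildcard-only cert
    print("DV cert missing:", missing_hosts(dv_cert_sans, site))        # []
    print("wildcard cert missing:", missing_hosts(wildcard_sans, site))  # ['wobsite.com']
```

The second run shows why issuers add the bare domain as an extra SAN rather than relying on a wildcard: `*.wobsite.com` alone leaves `wobsite.com` uncovered.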