SSL Certificate Series Tutorial (Practical): Use 51SSL.com to order TrustAsia’s SSL certificate for free, supporting multi-domain wildcards

Original link: https://www.blueskyxn.com/202208/6354.html

SSL证书系列教程(实战):使用51SSL.com免费订购TrustAsia的SSL证书,支持多域名通匹符

foreword

The earliest commonly used is https://freessl.cn/ , but the website recently released the LE certificate (Let’s Encrypt SSL), and only the TA certificate (TrustAsia) is retained.

The Chinese name of the TA certificate is Asia Integrity, which is obtained by Asia Digital Information Technology (Shanghai) Co., Ltd. Recently, they have also created a website called 51SSL, and Freessl.cn also clearly shows the jump entry of this website.

This article shows the process and comprehensive analysis with actual cases. Through the official 51SSL.com of the TA certificate, manually apply for the SSL certificate in the browser.

register

The registration address is https://www.51ssl.com/user/register

You need to register with an email address and a mainland mobile phone number verification code , and fill in your name and other information. Normally, you only need your email address and password to log in.

Registration does not require authentication .

feature

First of all, 51SSL is the official TA, and the filing subject is the same, so it has natural advantages when used in mainland China, because it is made by companies in mainland China. Of course, when used overseas or cross-border, there are naturally more disadvantages.

The OCSP domain name of the TA certificate seems to be http://ocsp.trust-provider.cn (but the old certificate appears to be status.digitalcertvalidation.com). After inspection, the first is the mainland CDN, and the overseas CDN is more complicated, but It looks like Alibaba Cloud International CDN. At the same time, both the registrar and the DNS provider are Alibaba Cloud.

The difference between the 51SSL official website and other platforms (such as FreeSSL, Tencent Cloud, etc.) is that the “TrustAsia Free Domain Name Multi-Domain Wildcard SSL Certificate” can be obtained for free on the official website, but the validity period is only a regular 90 days. [The free certificates of this platform are locked for 90 days, but on other platforms, you can order a one-year TA certificate for a single domain name (or dual domain names of www and root).

It seems that there is no “limit” or “promotion” that other platforms like to get, but the default 20 valid certificate limit of TA should still be there.

Since it is an official platform, the security is still better than that of the pheasant website. After all, there is no need to consider other people’s misappropriation, only need to consider whether the police will come to you. It is recommended not to use the certificate of the mainland company to make trouble.

Supported verification methods and domain names

In principle, there are three verification methods: CNAME, Email and File verification.

Generally choose CNAME (if it is a wildcard/wildcard)

Supports multiple domain names, multiple wildcards, and seems to also support IP certificates (not measured).

actual combat

Find this non-commercial product on the console as shown

QQ%E5%9B%BE%E7%89%8720220812135320.png

Generally, for simplicity, choose the browser to generate, as for whether to cloud storage, a company in mainland China, I don’t think it matters if you save it, and then the validity period can only be 90 days, this name is also the domain name/IP that is valid for SSL, I I tried it and it seems that I can fill in the IP. If it is a wildcard, it is a regular *.domain.

Then after the order is placed, an email notification will be sent to you, and then you need to set a special CNAME, one for each primary domain name

QQ%E5%9B%BE%E7%89%8720220812135415.png

Then it is recommended to lower the TTL update time, check for conflicting CNAME records, and wait 15 minutes. The biggest problem with this platform is that it cannot be submitted manually. I tested it and received a successful email notification about 15 minutes after placing the order.

QQ%E5%9B%BE%E7%89%8720220812142617.png

Then you can find the view certificate on the order page, select the format as shown in the figure, and download the certificate. PEM fills in the downloaded PEM, KEY fills in the downloaded KEY or the private key viewed on the webpage

QQ%E5%9B%BE%E7%89%8720220812142736.png

This article is reprinted from: https://www.blueskyxn.com/202208/6354.html
This site is for inclusion only, and the copyright belongs to the original author.

Leave a Comment