Adding SSL to the Homelab - Using StartSSL Free Class 1 Certificates

As can be seen in my Homelab documentation I use a subdomain (home.hazenet.dk) of my public domain (hazenet.dk), for the “always-on” part of my home and lab equipment.

Because of this, it is possible for me to use CA signed certificates from StartSSL.

StartSSL offers both paid and free certificates. The free certificates are only Class 1, which means that only the ownership of the domain is validated. Validation is done via a simple email check, you choose a specific email-prefix (e.g. “webmaster”) during validation, and a email is sent to that email of the domain (e.g. “webmaster@hazenet.dk”), which validates that you are in control of the domain.

With the domain validated at StartSSL, you are now free to generate/request as many certificates as you like, with only a few limitations.

  • Validity length is fixed to 1 year
  • Maximum of 5 different domains, but unlimited certificates within these domains
  • Only standard Web server certificates (SSL/TLS) and Client/Mail certificates (S/MIME) can be generated
  • No wildcards
  • No Subject Alternative Names
  • Revocations have a handling fee of US$ 9.90

For further information about the limits and support featues of the StartSSL Free tier, see the StartSSL Comparison and the StartSSL Products list.

Eventhough there are these limitations, the service and certificates are perfectly acceptable for homelab infrastructure.

This series of blog posts consists of the following: