startssl的免费ssl证书有一年的有效期(包括登录startssl的用户登录证书和域名ssl证书)。上年申请的StartSSL的免费SSL证书快要过期了,需要renew。StartSSL证书的续期步骤和新申请证书的步骤差不多。请阅读本文并参考本站《全球唯一免费HTTPS证书颁发机构:StartSSL申请图文详细教程》
续期步骤为:
1)更新用户登录证书
2)更新域名ssl证书
在用户证书过期前两星期注册邮箱会收到类似提示邮件:
This mail is intended for the person who owns a digital certificate issued by the StartSSL Certification Authority (http://www.startssl.com/).
The Class 1, client certificate for [email protected] and serial number xxxxxx (xxxxx) is about to expire in about two weeks. Please log into the StartSSL Control Panel at https://www.startssl.com/?app=12 and get a new certificate for this purpose. Failing to update your client certificate might result in the loss of your account.
Should you have lost the client certificate which was previously issued to you, please register once again – login without the client certificate installed into your browser will not work in that case.
浏览器访问https://www.startssl.com/?app=12,如果用户证书已过期只能重新注册一个帐号了。
1、导入之前注册时得到的p12证书,然后登陆到Control Panel:
Validations Wizard -> Type: Domain Name validation -> Enter Domain Name -> Select Verification Email -> 输入Email收到的Verification code -> finish;
2、Certificates Wizard -> Certificate Target: Web Server SSL/TLS Certificate -> 输入密码或跳过 -> 保存好key -> 选择需要部署SSL的域名 -> 等待审核;
3、(收到Email审核成功的通知后) Tool Box -> Retrieve Certificate -> 选择刚申请的域名, Continue -> 保存好Certificate.
至此,得到新的SSL证书。过期时间是2013-05-10,如下图。
问题是,登陆StartSSL控制面板不是通过帐号密码,而是使用个人证书来验证的。如上图红圈处,这个人证书过期时间并无更新,仍然是2012年5月22日。所以,我们不但要renew站点的SSL证书,还要renew这个用于登陆StartSSL的证书。否则,明年(准确来说是十几天后)就无法登陆StartSSL了。(只能重新注册)
renew这个个人证书,只需重新验证EMail:
1、 Validations wizard -> Type: Email Address Validation -> Enter Email Address -> 输入Email收到的Verification code -> finish;
2、 Certificates wizard -> Certificate Target: S/MIME and Authentication Certificate -> Generate Private Key -> Select Email Address -> Your S/MIME client certificate is installed in your browser;
3、 Tool Box -> Retrieve Certificate -> 选择新申请的Email, Continue.
至此,得到新的p12个人证书。过期时间2013年5月10日。
然后再备份好这个新的p12个人证书,以备后用。