forked from diafygi/gethttpsforfree
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathindex.html
603 lines (569 loc) · 29.2 KB
/
index.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
<!DOCTYPE html>
<html>
<!--
Welcome to the source code for gethttpsforfree.com!
This is an open source website that is meant to be auditable. Please read
through the code to see what's going on!
Original files:
/index.html - This page
/js/index.js - The interaction behavior for this page
Third-party libraries (all from asn1.js package):
/js/asn1js/int10.js - Needed for asn1.js
/js/asn1js/hex.js - Convert hex to binary array
/js/asn1js/base64.js - Convert base64 to binary array
/js/asn1js/asn1.js - Parse ASN.1 format used in x.509 certificates
/js/asn1js/LICENSE - The license for the above asn1.js files
Released under MIT License. Enjoy!
-->
<head>
<title>Get HTTPS for free!</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
<style>
*{box-sizing:border-box;}
div{margin:15px 0px;}
.error{color:#ff1111;}
.field{width:100%;max-width:600px;}
body{background-color:#fafafa;}
li{margin-bottom:10px;}
h1{border-bottom:solid black 1px;padding-bottom:15px;}
input[type="text"]{width:100%;}
textarea{width:100%;height:120px;white-space:pre;}
.help{float:right;font-size:12px;}
.help-content{display:inline-block;width:100%;max-width:600px;margin:5px 0px 10px 0px;padding:10px;background-color:#eeeeee;border:2px solid #bbbbbb;}
code{display:inline-block;margin:5px 0px;padding:5px;background-color:#ffffff;}
pre{margin:5px 0px;padding:5px;overflow:auto;background-color:#ffffff;}
.tabsection{margin:0px;}
.options{margin:0px;padding:0px;}
.options li{display:inline-block;margin:0px;padding:0px;}
.options a{display:inline-block;margin:0px;padding:6px 12px;font-size:13px;}
.options a.active{background-color:#eeeeee;}
.tab{background-color:#eeeeee;margin:0px;padding:15px 15px 1px 15px;}
.tab .help-content{background-color:#ffffff;}
.tab .help-content a{display:inline-block;width:100%;white-space:nowrap;overflow:hidden;text-overflow:ellipsis;}
.tab code{background-color:#eeeeee;}
.tab pre{background-color:#eeeeee;}
.tab textarea{height:105px;}
.footer{font-size:12px;}
</style>
<script src="js/asn1js/int10.js"></script>
<script src="js/asn1js/base64.js"></script>
<script src="js/asn1js/hex.js"></script>
<script src="js/asn1js/asn1.js"></script>
</head>
<body>
<!--#############-->
<!--## Intro ##-->
<!--#############-->
<h1>Get HTTPS for free!</h1>
<h2 id="digest_error" class="error" style="display:none;">
ERROR: Your browser is not compatible with this website (this website
needs WebCryptoAPI's crypto.subtle.digest()). Please upgrade to a modern
browser (Firefox, Chrome, Safari, IE 11+).
</h2>
<div>
You can now get free https certificates from the non-profit certificate
authority <a href="https://letsencrypt.org/" target="_blank">Let's Encrypt</a>!
This is a website that will take you through the manual steps to get your free
https certificate so you can make your own website use https! This website is
<a href="https://github.com/diafygi/howtogetfreehttps" target="_blank">open source</a>
and <strong>NEVER</strong> asks for your private keys. Never trust a website
that asks for your private keys!
<!--TODO-->
<!--<a href="renew.html">Click here</a> to renew certs.-->
<!--<a href="revoke.html">Click here</a> to revoke certs.-->
</div>
<div>
<b>NOTE: This website is for people who know how to generate certificate signing
requests (CSRs)!</b> If you're not familiar with how to do this, please use the
official Let's Encrypt <a href="https://github.com/letsencrypt/letsencrypt" target="_blank">client</a>
that can automatically issue and install https certificates for you. This
website is designed for people who know what they are doing and just want to get
their free https certificate.
</div>
<hr/>
<!--############################-->
<!--## Step 1: Account Info ##-->
<!--############################-->
<h2>Step 1: Account Info</h2>
<div>
Let's Encrypt requires that you register an account email and public key before
issuing a certificate. The email is so that they can contact you if needed, and
the public key is so you can securely sign your requests to issue/revoke/renew
your certificates. <i><b>Keep your account private key secret!</b> Anyone who has it
can impersonate you when making requests to Let's Encrypt!</i>
</div>
<div class="field">
<label for="email">Account Email:</label><br/>
<input id="email" type="text" placeholder="(e.g. [email protected])"/>
</div>
<div class="field">
<a id="howto_pubkey" class="help" href="#">(how do I generate this?)</a>
<div id="howto_pubkey_content" class="help-content" style="display:none;">
How to generate a new account keypair using openssl:<br/>
<ol>
<li>
Generate an account private key if you don't have one:<br/>
(KEEP ACCOUNT.KEY SECRET!)<br/>
<code>openssl genrsa 4096 > account.key</code>
</li>
<li>
Print your public key:<br/>
<code>openssl rsa -in account.key -pubout</code>
</li>
<li>
Copy and paste the public key into the box below.<br/>
</li>
</ol>
</div>
<label for="pubkey">Account Public Key:</label><br/>
<textarea id="pubkey" placeholder="-----BEGIN PUBLIC KEY----- ..."></textarea>
</div>
<div class="field">
<input id="validate_account" type="submit" value="Validate Account Info"/>
<span id="validate_account_status" style="display:none;"></span>
</div>
<hr/>
<!--###########################################-->
<!--## Step 2: Certificate Signing Request ##-->
<!--###########################################-->
<h2>Step 2: Certificate Signing Request</h2>
<div>
This is the certificate signing request (CSR) that you send to Let's Encrypt
in order to issue you a signed certificate. It contains the website domains you
want to issue certs for and the public key of your TLS private key. <i><b>Keep your
TLS private key secret!</b> Anyone who has it can man-in-the-middle your website!</i>
</div>
<div class="field">
<a id="howto_csr" class="help" href="#">(how do I generate this?)</a>
<div id="howto_csr_content" class="help-content" style="display:none;">
How to generate a new Certificate Signing Request (CSR):<br/>
<ol>
<li>
Generate a TLS private key if you don't have one:<br/>
(KEEP DOMAIN.KEY SECRET!)<br/>
<code>openssl genrsa 4096 > domain.key</code>
</li>
<li>
Generate a CSR for your the domains you want certs for:</br>
(replace "foo.com" with your domain)</br>
Linux:
<pre>
#change "/etc/ssl/openssl.cnf" as needed:
# Debian: /etc/ssl/openssl.cnf
# RHEL and CentOS: /etc/pki/tls/openssl.cnf
# Mac OSX: /System/Library/OpenSSL/openssl.cnf
openssl req -new -sha256 -key domain.key -subj "/" \
-reqexts SAN -config <(cat /etc/ssl/openssl.cnf \
<(printf "[SAN]\nsubjectAltName=DNS:foo.com,DNS:www.foo.com"))
</pre>
</li>
<li>
Copy and paste the CSR into the box below.<br/>
</li>
</ol>
</div>
<label for="csr">Certificate Signing Request:</label><br/>
<textarea id="csr" placeholder="-----BEGIN CERTIFICATE REQUEST----- ..."></textarea>
</div>
<div class="field">
<input id="validate_csr" type="submit" value="Validate CSR"/>
<span id="validate_csr_status" style="display:none;"></span>
</div>
<hr/>
<!--#############################-->
<!--## Step 3: Sign Requests ##-->
<!--#############################-->
<h2>Step 3: Sign API Requests<span id="step3_pending"> (waiting...)</span></h2>
<div id="step3" style="display:none;">
<div>
Let's Encrypt requires that you sign all of your requests to them with your
account private key. Below are the requests that you will need to sign. The
commands to do this are generated below so you can copy-and-paste them into your
terminal. <i>Be sure to change the account private key location so it points to
your real private key.</i>
</div>
<div class="field">
<a id="howto_sign1" class="help" href="#">(how do I do this?)</a>
<div id="howto_sign1_content" class="help-content" style="display:none;">
How to generate the needed signatures:<br/>
<ol>
<li>
Copy and paste each command below into your terminal (if your
account private key isn't at "./account.key", change "./account.key"
in the command to wherever it exists).
</li>
<li>
Copy and paste the hex encoded signature output from the command
into the text field below that command.
</li>
</ol>
</div>
<label>Run these signature commands in your terminal:</label><br/>
<span id="step3_commands">
</span>
<span id="signing_template" style="display:none;">
<input type="text" value="echo ..." readonly/><br/>
<input id="challenge_sig_foobar_com" type="text" placeholder='Paste the hex output here (e.g. "(stdin)= f2cf67e4...")'/><br/>
</span>
</div>
<div class="field">
<input id="validate_initial_sigs" type="submit" value="Validate Signatures"/>
<span id="validate_initial_sigs_status" style="display:none;"></span>
</div>
</div>
<hr/>
<!--##########################-->
<!--## Step 4: Challenges ##-->
<!--##########################-->
<h2>Step 4: Verify Ownership<span id="step4_pending"> (waiting...)</span></h2>
<div id="step4" style="display:none;">
<div>
Let's Encrypt requires you prove you own the domains you have in your CSR. You
can do this by serving a specific file at a specific url under your domains.
Below are the files you need to serve along with some copy-and-paste commands
you can run on your website to start serving the file. Once you are serving
the file on your website, click "I'm now running this on...". After that, you
need to tell Let's Encrypt to check the above files to verify ownership of your
domains. This request needs to be signed with your account private key. Below
are the verification requests that you will need to sign. The commands to do
this are generated below so you can copy-and-paste them into your terminal.
<i>Be sure to change the account private key location so it points to your real
private key.</i>
</div>
<div id="challenge_domains">
</div>
<div id="challenge_template" style="display:none;">
<h3>Domain: <span class="domain">foobar.com</span></h3>
<div class="field">
<a class="howto_sign help" href="#">(how do I do this?)</a>
<div class="howto_sign_content help-content" style="display:none;">
How to generate the needed signatures:<br/>
<ol>
<li>
Navigate in the terminal to the directory with account private
key ("account.key" or whatever you named it).
</li>
<li>
Copy and paste each command below into your terminal (if your
account private key isn't named "account.key", change "account.key"
in the command to whatever you named it).
</li>
<li>
Copy and paste the hex encoded signature output from the command
into the text field below that command.
</li>
</ol>
</div>
<label>Run this signature command in your terminal:</label><br/>
<span class="step4_commands">
</span>
</div>
<div class="field tabsection">
<ul class="options">
<li><a href="#">Option 1 - python server</a></li
><li><a href="#">Option 2 - file-based</a></li>
</ul>
<div class="tab">
<a class="howto_serve help" href="#">(how do I do this?)</a>
<div class="howto_serve_content help-content" style="display:none;">
How to serve the challenge response on your domain:<br/>
<ol>
<li>
SSH into your domain as someone with sudo permissions:<br/>
<code class="ssh">ssh [email protected]</code>
</li>
<li>
Stop any webserver running on port 80, if any. If you had previously
been running another python command, you can kill it with Ctrl+C):<br/>
<code>sudo service nginx stop</code> <-- example for nginx<br/>
<code>sudo apachectl -k graceful-stop</code> <-- example for apache
</li>
<li>
Copy and paste the python command below into your terminal. This
command starts a temporary webserver that serves nothing but the
challenge response. You only need to keep this running briefly.
</li>
<li>
Open the link in a new window to make sure it's working:<br/>
<a target="_blank"></a>
</li>
<li>
Click "I'm now running this command..." button when the file is being
served on your domain.
</li>
</ol>
</div>
<label>Run this command on <span class="domain">foobar.com</span>'s server:</label><br/>
<textarea readonly></textarea>
<div>
<input type="submit" value="I'm now running this command on foobar.com"/>
<span style="display:none;"></span>
</div>
</div>
<div class="tab">
<a class="howto_file help" href="#">(how do I do this?)</a>
<div class="howto_file_content help-content" style="display:none;">
How to host this file on your server:<br/>
<ol>
<li>
SSH into your domain as someone with write access to
your static web directory:<br/>
<pre class="ssh">ssh [email protected]</pre>
</li>
<li>
Create the ".well-known/acme-challenge/" directory
in your webserver's static file path:<br/>
<pre class="wwwdir">mkdir -p /path/to/www/.well-known/acme-challenge/</pre>
<li>
Add the static folder to your webserver's config
(if you haven't already):<br/>
<pre class="nginx_location">server {...</pre>
</li>
<li>
Create the file with the necessary contents:<br/>
<pre class="file_cmd">echo ...</pre>
</li>
<li>
Open the link in a new window to make sure it's working:<br/>
<a target="_blank"></a>
</li>
<li>
Click "I'm now serving this file..." button when the file is being
served on your domain.
</li>
</ol>
</div>
<label>Under this url:</label><br/>
<input type="text" class="file_url" value="" readonly/>
<div>
<label>Serve this content:</label>
<input type="text" class="file_data" value="" readonly/>
</div>
<div>
<input type="submit" class="file_submit" value="I'm now serving this file on foobar.com"/>
<span style="display:none;"></span>
</div>
</div>
</div>
</div>
</div>
<hr/>
<!--#################################-->
<!--## Step 5: Issue Certificate ##-->
<!--#################################-->
<h2>Step 5: Install Certificate (<span id="step5_pending">waiting...</span>)</h2>
<div id="step5" style="display:none;">
<div>
Congratulations! Let's Encrypt has issued you a certificate for your domains!
Below is the signed certificate you can use on your website to
</div>
<div class="field">
<a id="howto_install" class="help" href="#">(how do I install this?)</a>
<div id="howto_install_content" class="help-content" style="display:none;">
How to install https on nginx or apache:<br/>
<ol>
<li>
Copy and paste both the below domain certificate and the below
intermediate certificate into the same text file called "chained.pem".
</li>
<li>
If not done already, generate non-default dhparams.<br/>
<code>openssl dhparam -out dhparam.pem 4096</code>
</li>
<li>
Copy "chained.pem" and "dhparam.pem" to /etc/ssl/certs/.<br/>
<pre>
scp chained.pem [email protected]:/etc/ssl/certs/chained.pem
scp dhparam.pem [email protected]:/etc/ssl/certs/dhparam.pem
</pre>
</li>
<li>
Copy "domain.key" /etc/ssl/private/.<br/>
<code>scp domain.key [email protected]:/etc/ssl/private/domain.key</code><br/>
</li>
<li>
Update your webserver config to use https (examples below).<br/>
Nginx:
<pre>
server {
listen 443;
server_name foo.com;
ssl on;
ssl_certificate /etc/ssl/certs/chained.pem;
ssl_certificate_key /etc/ssl/private/domain.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA;
ssl_session_cache shared:SSL:50m;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
ssl_prefer_server_ciphers on;
location / {
return 200 'Hello world!';
add_header Content-Type text/plain;
}
}
</pre>
Apache:
<pre>
<VirtualHost _default_:443>
ServerName foo.com:443
ServerAlias www.foo.com:443
DocumentRoot /var/www/foo.com/html
SSLEngine on
SSLCertificateFile /etc/ssl/certs/chained.pem
SSLCertificateKeyFile /etc/ssl/private/domain.key
SSLProtocol all -SSLv2 -SSLv3
SSlCipherSuite ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA;
SSLHonorCipherOrder on
SSLOpenSSLConfCmd DHParameters "/etc/ssl/certs/dhparam.pem"
<Directory /var/www/foo.com/html>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
</Directory>
</VirtualHost>
</pre>
</li>
</ol>
</div>
<label for="csr">Signed Certificate:</label><br/>
<textarea id="crt" readonly></textarea>
</div>
<div class="field">
<label for="csr">Intermediate Certificate:</label><br/>
<textarea readonly>
-----BEGIN CERTIFICATE-----
MIIHAjCCBeqgAwIBAgIQfwAAAQAAAUmAvXTS3iWN1jANBgkqhkiG9w0BAQsFADBa
MQswCQYDVQQGEwJVUzESMBAGA1UEChMJSWRlblRydXN0MRcwFQYDVQQLEw5UcnVz
dElEIFNlcnZlcjEeMBwGA1UEAxMVVHJ1c3RJRCBTZXJ2ZXIgQ0EgQTUyMB4XDTE0
MTEwNTE2MTU0MFoXDTE3MTEwNDE1MTU0MFowfzEYMBYGA1UEAxMPbGV0c2VuY3J5
cHQub3JnMSkwJwYDVQQKEyBJTlRFUk5FVCBTRUNVUklUWSBSRVNFQVJDSCBHUk9V
UDEWMBQGA1UEBxMNTW91bnRhaW4gVmlldzETMBEGA1UECBMKQ2FsaWZvcm5pYTEL
MAkGA1UEBhMCVVMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDKyGpX
JC7lnKPJ0gj2kSBquPJj+QIsUnJ8Zq8zxUVMt2XkdoAspzkJPto0pDijpzDJ/bOx
fTV+uhOY3evOagDmNMYD6UjLAoVzlJftjmO3ZpHuoRBGqKxUICvc/VfFhniyjM7d
ekzHCvNjhHPDIt5XjiFmGXz9vnYx0POT4USMaf/twVXWNMW99cCjsCYnxl7fSAqH
E0Mso8wYx5JKLM2kM58pJDrIwDtKqZ2SD5JPbtBwwom2Q9pl2JKMy+TiabUk88N1
AGZ0WQoMPsNg0YAWu4/V4GV/9xm8GV6He8F9nbynuEqLaA0hDRq1Du35rkgiVR12
XjwcLdl1GTF0ROBVAgMBAAGjggOdMIIDmTAOBgNVHQ8BAf8EBAMCBaAwggInBgNV
HSAEggIeMIICGjCCAQsGCmCGSAGG+S8ABgMwgfwwQAYIKwYBBQUHAgEWNGh0dHBz
Oi8vc2VjdXJlLmlkZW50cnVzdC5jb20vY2VydGlmaWNhdGVzL3BvbGljeS90cy8w
gbcGCCsGAQUFBwICMIGqGoGnVGhpcyBUcnVzdElEIFNlcnZlciBDZXJ0aWZpY2F0
ZSBoYXMgYmVlbiBpc3N1ZWQgaW4gYWNjb3JkYW5jZSB3aXRoIElkZW5UcnVzdCdz
IFRydXN0SUQgQ2VydGlmaWNhdGUgUG9saWN5IGZvdW5kIGF0IGh0dHBzOi8vc2Vj
dXJlLmlkZW50cnVzdC5jb20vY2VydGlmaWNhdGVzL3BvbGljeS90cy8wggEHBgZn
gQwBAgIwgfwwQAYIKwYBBQUHAgEWNGh0dHBzOi8vc2VjdXJlLmlkZW50cnVzdC5j
b20vY2VydGlmaWNhdGVzL3BvbGljeS90cy8wgbcGCCsGAQUFBwICMIGqGoGnVGhp
cyBUcnVzdElEIFNlcnZlciBDZXJ0aWZpY2F0ZSBoYXMgYmVlbiBpc3N1ZWQgaW4g
YWNjb3JkYW5jZSB3aXRoIElkZW5UcnVzdCdzIFRydXN0SUQgQ2VydGlmaWNhdGUg
UG9saWN5IGZvdW5kIGF0IGh0dHBzOi8vc2VjdXJlLmlkZW50cnVzdC5jb20vY2Vy
dGlmaWNhdGVzL3BvbGljeS90cy8wHQYDVR0OBBYEFJw3Eum8SMFAaDP3gCqgvuIj
hRbnMEUGA1UdHwQ+MDwwOqA4oDaGNGh0dHA6Ly92YWxpZGF0aW9uLmlkZW50cnVz
dC5jb20vY3JsL3RydXN0aWRjYWE1Mi5jcmwwgYQGCCsGAQUFBwEBBHgwdjAwBggr
BgEFBQcwAYYkaHR0cDovL2NvbW1lcmNpYWwub2NzcC5pZGVudHJ1c3QuY29tMEIG
CCsGAQUFBzAChjZodHRwOi8vdmFsaWRhdGlvbi5pZGVudHJ1c3QuY29tL2NlcnRz
L3RydXN0aWRjYWE1Mi5wN2MwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMC
MB8GA1UdIwQYMBaAFKJWJDzQ1BW56L94oxMQWEguFlThMC8GA1UdEQQoMCaCD2xl
dHNlbmNyeXB0Lm9yZ4ITd3d3LmxldHNlbmNyeXB0Lm9yZzANBgkqhkiG9w0BAQsF
AAOCAQEAipndRUuMkBFtqrvU4sUGZNtVhwhmgNkssiWVhzceiVovSQJVUe1IXfCX
ayEoYkM2M1RWgNROYupws6xH7L01wxHfLii0xabI75pqX2duiEUobaAt0wzKVZSj
QGaH5ZY+gqgV15vq+06iwPugPYxt6wl5g4OWLrPNGUli7cALHHRITwala2Wzn2b0
WFDnmY/9eYqmv2fMSjvAKC3WGta9Mh2PcrG7AvC79SJCcnMiGSQiyM3tdgVIyFnU
H0ZUvmOZAD41MnJYnTrmj4TYY0PQ+ImFLEexYe1lSpu4QX9IJk1q03LaTnCHIIFy
NFqPgg04bEypctzAG6VsRCPf+afjgg==
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIG3zCCBMegAwIBAgIQAJv84kD9Vb7ZJp4MASwbdzANBgkqhkiG9w0BAQsFADBK
MQswCQYDVQQGEwJVUzESMBAGA1UEChMJSWRlblRydXN0MScwJQYDVQQDEx5JZGVu
VHJ1c3QgQ29tbWVyY2lhbCBSb290IENBIDEwHhcNMTQwMzIwMTgwNTM4WhcNMjIw
MzIwMTgwNTM4WjBaMQswCQYDVQQGEwJVUzESMBAGA1UEChMJSWRlblRydXN0MRcw
FQYDVQQLEw5UcnVzdElEIFNlcnZlcjEeMBwGA1UEAxMVVHJ1c3RJRCBTZXJ2ZXIg
Q0EgQTUyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl2nXmZiFAj/p
JkJ26PRzP6kyRCaQeC54V5EZoF12K0n5k1pdWs6C88LY5Uw2eisdDdump/6REnzt
cgG3jKHF2syd/gn7V+IURw/onpGPlC2AMpOTA/UoeGi6fg9CtDF6BRQiUzPko61s
j6++Y2uyMp/ZF7nJ4GB8mdYx4eSgtz+vsjKsfoyc3ALr4bwfFJy8kfey+0Lz4SAr
y7+P87NwY/r3dSgCq8XUsO3qJX+HzTcUloM8QAIboJ4ZR3/zsMzFJWC4NRLxUesX
3Pxbpdmb70BM13dx6ftFi37y42mwQmYXRpA6zUY98bAJb9z/7jNhyvzHLjztXgrR
vyISaYBLIwIDAQABo4ICrzCCAqswgYkGCCsGAQUFBwEBBH0wezAwBggrBgEFBQcw
AYYkaHR0cDovL2NvbW1lcmNpYWwub2NzcC5pZGVudHJ1c3QuY29tMEcGCCsGAQUF
BzAChjtodHRwOi8vdmFsaWRhdGlvbi5pZGVudHJ1c3QuY29tL3Jvb3RzL2NvbW1l
cmNpYWxyb290Y2ExLnA3YzAfBgNVHSMEGDAWgBTtRBnA0/AGi+6ke75C5yZUyI42
djAPBgNVHRMBAf8EBTADAQH/MIIBMQYDVR0gBIIBKDCCASQwggEgBgRVHSAAMIIB
FjBQBggrBgEFBQcCAjBEMEIWPmh0dHBzOi8vc2VjdXJlLmlkZW50cnVzdC5jb20v
Y2VydGlmaWNhdGVzL3BvbGljeS90cy9pbmRleC5odG1sMAAwgcEGCCsGAQUFBwIC
MIG0GoGxVGhpcyBUcnVzdElEIFNlcnZlciBDZXJ0aWZpY2F0ZSBoYXMgYmVlbiBp
c3N1ZWQgaW4gYWNjb3JkYW5jZSB3aXRoIElkZW5UcnVzdCdzIFRydXN0SUQgQ2Vy
dGlmaWNhdGUgUG9saWN5IGZvdW5kIGF0IGh0dHBzOi8vc2VjdXJlLmlkZW50cnVz
dC5jb20vY2VydGlmaWNhdGVzL3BvbGljeS90cy9pbmRleC5odG1sMEoGA1UdHwRD
MEEwP6A9oDuGOWh0dHA6Ly92YWxpZGF0aW9uLmlkZW50cnVzdC5jb20vY3JsL2Nv
bW1lcmNpYWxyb290Y2ExLmNybDA7BgNVHSUENDAyBggrBgEFBQcDAQYIKwYBBQUH
AwIGCCsGAQUFBwMFBggrBgEFBQcDBgYIKwYBBQUHAwcwDgYDVR0PAQH/BAQDAgGG
MB0GA1UdDgQWBBSiViQ80NQVuei/eKMTEFhILhZU4TANBgkqhkiG9w0BAQsFAAOC
AgEAm4oWcizMGDsjzYFKfWUKferHD1Vusclu4/dra0PCx3HctXJMnuXc4Ngvn6Ab
BcanG0Uht+bkuC4TaaS3QMCl0LwcsIzlfRzDJdxIpREWHH8yoNoPafVN3u2iGiyT
5qda4Ej4WQgOmmNiluZPk8a4d4MkAxyQdVF/AVVx6Or+9d+bkQenjPSxWVmi/bfW
RBXq2AcD8Ej7AIU15dRnLEkESmJm4xtV2aqmCd0SSBGhJHYLcInUPzWVg1zcB5EQ
78GOTue8UrZvbcYhOufHG0k5JX5HVoVZ6GSXKqn5kqbcHXT6adVoWT/BxZruZiKQ
qkryoZoSywt7dDdDhpC2+oAOC+XwX2HJp2mrPaAea1+E4LM9C9iEDtjsn5FfsBz0
VRbMRdaoayXzOlTRhF3pGU2LLCmrXy/pqpqAGYPxyHr3auRn9fjv77UMEqVFdfOc
CspkK71IGqM9UwwMtCZBp0fK/Xv9o1d85paXcJ/aH8zg6EK4UkuXDFnLsg1LrIru
+YHeHOeSaXJlcjzwWVY/Exe5HymtqGH8klMhy65bjtapNt76+j2CJgxOdPEiTy/l
9LH5ujlo5qgemXE3ePwYZ9D3iiJThTf3tWkvdbz2wCPJAy2EHS0FxHMfx5sXsFsa
OY8B7wwvZTLzU6WWs781TJXx2CE04PneeeArLpVLkiGIWjk=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIGjzCCBXegAwIBAgIQCgFBQgAAAUjHb/QhAAAAAjANBgkqhkiG9w0BAQsFADA/
MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
DkRTVCBSb290IENBIFgzMB4XDTE0MDkyNTE2MjgwM1oXDTIxMDkyOTE2MjgwM1ow
SjELMAkGA1UEBhMCVVMxEjAQBgNVBAoTCUlkZW5UcnVzdDEnMCUGA1UEAxMeSWRl
blRydXN0IENvbW1lcmNpYWwgUm9vdCBDQSAxMIICIjANBgkqhkiG9w0BAQEFAAOC
Ag8AMIICCgKCAgEAp1AZ3j+ZPdQzRvFvUWGCsqlPj2eJXYTZU90MKNnX8P+ulUNy
mfm1XXyKwULhMVB00YENfM2bIatD4qytXoZu8wmKH1oyvaLrlPnoXArs/5jSr3Gz
tFOfTofvkry97E8yMIhLF15XxFPC9gKXjdliK78kH2KN38O4KUtJeDyTYIgi/Jna
NsjCotQsVABnNW5zvwJY8KTd5bCiJnrK4DalGRb1/bfvrj9A9W1aBP3ONMok3HQj
G10zExJdxAEl9jDdAl2f4NVHvbTrG6G7SUnYn1sC84rkJJDkYk9Pwa+LDnQXqNFy
iGp6AUnMtEZ5xhex2pgeB1n6dSGFZd2QVs77q6VgncSd+VKwi72H+Y8rIwojdjv3
M+HJAPNp+Uui4E68fpM5hAf3RHB+/gda5bGs0RjM8jXlSUkIylbJPfsPGH2LO8ET
wk2PyU8ON+kfoQ5q32IuyzUGUXksyCU49PpLp4lcnNLjDTmGSnR81VmHwj9ODFxS
9D33UoLx6qOs/Uk0GijzQYg6E+7o3v+ZHV+6y+ge8rlQYMAx03Pl776g7TMLdL4g
IMRnbPAIA3pVgH9GTpan9B4+4fbYCeEzZCtj1zJen/nAew94b5e8k5r5nBKQeHqA
hxXXcnScVXR4sbrhbnAEuk+gumjDe/8x8HM9PZQqsQtBDqD+TYhla3kztNcCAwEA
AaOCAnowggJ2MA4GA1UdDwEB/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH/AgEBMIIB
OwYDVR0gBIIBMjCCAS4wggEgBgpghkgBhvkvAAYDMIIBEDBKBggrBgEFBQcCARY+
aHR0cHM6Ly9zZWN1cmUuaWRlbnRydXN0LmNvbS9jZXJ0aWZpY2F0ZXMvcG9saWN5
L3RzL2luZGV4Lmh0bWwwgcEGCCsGAQUFBwICMIG0GoGxVGhpcyBUcnVzdElEIFNl
cnZlciBDZXJ0aWZpY2F0ZSBoYXMgYmVlbiBpc3N1ZWQgaW4gYWNjb3JkYW5jZSB3
aXRoIElkZW5UcnVzdCdzIFRydXN0SUQgQ2VydGlmaWNhdGUgUG9saWN5IGZvdW5k
IGF0IGh0dHBzOi8vc2VjdXJlLmlkZW50cnVzdC5jb20vY2VydGlmaWNhdGVzL3Bv
bGljeS90cy9pbmRleC5odG1sMAgGBmeBDAECAjAdBgNVHQ4EFgQU7UQZwNPwBovu
pHu+QucmVMiONnYwPAYDVR0fBDUwMzAxoC+gLYYraHR0cDovL2NybC5pZGVudHJ1
c3QuY29tL0RTVFJPT1RDQVgzQ1JMLmNybDB0BggrBgEFBQcBAQRoMGYwJwYIKwYB
BQUHMAGGG2h0dHA6Ly94M29jc3AuaWRlbnRydXN0LmNvbTA7BggrBgEFBQcwAoYv
aHR0cDovL2FwcHMuaWRlbnRydXN0LmNvbS9yb290cy9kc3Ryb290Y2F4My5wN2Mw
HQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMB8GA1UdIwQYMBaAFMSnsaR7
LHH62+FLkHX/xBVghYkQMA0GCSqGSIb3DQEBCwUAA4IBAQCbP0c+3/S41PsnTFX/
AKPPSy3mMeUaoSVK0jN0UNxiDqtETfEZgreu1nDuoorOm4aFGTQwg4C4McARA8q1
94Uhzg4I0uZWWhzzrOiPKpIfPaUwN9dT3k7+HzphLgfTy/HHZAas3U5PqwbNKplr
pfbFZgvfrXa8wwXRTlrfteNNuKOzx0k0SOIuM0yNJJDuNB2pH93dw6tO2FPFnfs/
wCdiJCGYhMfMiP4Uaa+BDaI7yvhRuOSNHFzts14kPrBPffR5j9zQXE6QO/1AHXh1
wB7rghCQydP2OcSLRViNtpwGOPysyaiHrQLOBghl7gP/594bTkj631rncS4F1zgR
yx7B
-----END CERTIFICATE-----
</textarea>
</div>
<div class="field">
<form action="https://www.ssllabs.com/ssltest/analyze.html" target="_blank">
<input id="ssltest_domain" type="hidden" name="d" value="foobar.com">
<input type="submit" value="Test my install"/>
</form>
</div>
</div>
<hr/>
<div class="footer">
This website is static, so it can be saved and loaded locally. Just right-click and "Save Page As.."!<br/>
Released under MIT license | Source code: <a href="https://github.com/diafygi/gethttpsforfree" target="_blank">https://github.com/diafygi/gethttpsforfree</a>
</div>
<script src="js/index.js"></script>
</body>
</html>