SSLMate launched one year ago this month with the goal of improving security and privacy on the Internet by making it easier to purchase SSL certificates. Our approach, to purchase SSL certificates from the command line in a single step, was revolutionary and opened up new possibilities for automating SSL certificate provisioning and management on servers. Today, we continue the journey we started a year ago by announcing SSLMate 1.0.0, which will make SSL certificate management even easier and more automated.

Import your existing certs to SSLMate with sslmate import

SSLMate's goal is to simplify the management of SSL certificates, particularly large numbers across many servers. For instance, certificates from SSLMate automatically renew, and the renewed certificate is automatically installed on your servers, sparing you the laborious and error-prone process of manual certificate installation.

But you might already have SSL certificates from other certificate vendors. These certificates would also benefit from the central administration and automation offered by SSLMate. So, starting with SSLMate 1.0.0, you can import your existing certificates to your SSLMate account, free of charge.

Imported certificates have all the same features as native SSLMate certificates, except that they cannot be reissued or revoked (you'll need to see the original vendor for that). Otherwise, they're just like certificates purchased through SSLMate, and like SSLMate certificates, they automatically renew and install onto your servers.

To import a certificate, just run sslmate import with the paths to the private key and certificate as arguments:

sslmate import /path/to/key /path/to/cert

Although you need to specify your private key, it is not uploaded to SSLMate. Instead, the sslmate command uses it to generate a certificate signing request. This certificate signing request is uploaded to SSLMate, and we'll keep it handy so you won't have to generate a new one when it's time to renew.

The private key, the certificate, and an optimal certificate chain are copied to your SSLMate directory (/etc/sslmate by default) alongside native SSLMate certificates. To take advantage of automatic renewals, you should configure your web server to refer to the files in /etc/sslmate, and then set up a cron job or configuration management script to automatically download updated certificates to your server.

Getting SSLMate 1.0.0

If you've installed SSLMate through APT or Yum, upgrading to 1.0.0 is as simple as running apt-get update && apt-get upgrade or yum update. If you're using Homebrew, an updated formula should be available later today. Otherwise, head over to our install page or our GitHub repository to download and install the new version.

What's next?

sslmate import is just the first of several new features we'll be writing about over the coming days. Check back tomorrow to learn about DNS-based approval, an exciting feature that lets you approve certificates by creating a DNS record instead of responding to an email. Combined with Amazon Route 53, DNS approval allows certificate provisioning and renewal to be 100% automated.