Solved: Security certificates - how much to I need to spend?


With the generous help of people on this forum, my new server is up and running. However, I am having a few challenges with respect to security certificates.

To get Outlook email working, I had to install my self-signed certificate. This is not a big deal. To access webmail.domain.tld, I am again being asked to grant a security exception. Again, not a big deal.

It seems to me that I could avoid all of this if I purchased a security certificate, however, most are quite expensive. My registrar,, does sell an inexpensive one, see, but I am not sure if this suffices. This certificate seems to work for a single domain only, i.e., something.domain.tld. The wildcard version, i.e., *.domain.tld, costs more than 10 times the cost of this certificate.

As an aside, I do not plan on offering any products for sale, etc., so the certificate would be for ‘internal’ purposes only. What are your recommendations?

I’m using the certificate authority “StartSSL” ( You get free Class-1 (email/domain validated) certs there. If you need Class-2 (identity validated, allows you to create wildcart certs and multi-domain certs) you pay a fee of $59 for the validation (which is good for one year), and that enables you to create as many certs (valid for two years each) as you want.


Thanks for the reply. I think that I am most of the way to having this issue resolved. (And note, it is (I think) a minor issue since there are work-arounds).

I followed the instructions here,ssl_and_virtualmin/ to install the certificate and those on the StartSSL website.

I was able to verify that this process worked (at least in part) because I created a MS Outlook account and did not receive the warning message, “The server you are connected to is using a security certificate that cannot be verified.”

I then deleted the security exceptions contained within Firefox and restarted the browser. When I tried to access the virtualmin control panel, I received the, ‘This connection is untrusted’ warning. This led me to this set of instructions,, which I followed, but problem persists.

What step did I miss?


You may need to add a “CA Certificate”. Not all SSL certs require that, but many do, especially the less expensive ones.

You can add that in Server Configuration -> Manage SSL Certificate -> CA Certificate.

Also, find this site here helpful in diagnosing SSL certificate problems:


Thanks to the pointer to This made the problem quite obvious - the free certificate is for domain.tld and mail.domain.tld only. The domain which caused the problem is admin.domain.tld - this makes sense.

So, I need to create an exception or pay money for a wildcard certificate. I think I know which route I will be taking…