Tuesday, January 25, 2011

SSL certificates

I need to implement a certificate on a web server (Apache). The requirement is that it must work with SSL, so I need to purchase a certificate. I would like to avoid having to buy a certificate, at least for now. From your experience, does anybody recommend any free certificate company that I can count on and that is known to be good and reputable? I would appreciate answers based only on experience of using such companies.

Thank you all.

  • StartSSL (http://www.startssl.com/) offers a free certificate that is not self-signed. I have seen people elsewhere on ServerFault who have recommended this service in the past.

    Another option, if you're just testing, is to use a self-signed certificate.

    msanford : +1 self-signed.
    From James
  • Good for you, as your requirements are easy to satisfy, either with self-signed, private CA or public CA.

    The most well known public CA for this is CAcert, where you can sign up and issue certificates to any domain you own, for free! (Although donations are encouraged.)

    If you want to "get your hands dirty" you can consider one of these options also: run software like XCA or just use OpenSSL to create a certificate which is self-signed or signed with a private CA (there is a difference). Both of these programs are cross-platform. XCA is a GUI program that is easy to use but not terribly well documented. OpenSSL, a command-line tool, has been around for ages and is well documented but not really that easy to use.

    redknight : I think I will go with CAcert if it has proven that it is a good provider. Thank you.
    From delimiter
  • Quick and easy:

    Generate key pairs:

        openssl genrsa -out www.myexample.com.key 2048

    Generate CSR:

        openssl req -new -key www.myexample.com.key -out www.myexample.com.csr

    Sign CSR with private key and certificate valid for 3650 days:

        openssl x509 -in www.myexample.com.csr -out www.myexample.com.crt -req -signkey www.myexample.com.key -days 3650

    In the httpd.conf file, there is an 'Include' parameter, which includes the file httpd-ssl.conf or something called ssl.conf, depending on your installation.

    You need to copy the above three files to your apache's conf directory (somewhere you can reference them in the conf file). In httpd-ssl.conf or ssl.conf file you need to update the location as follows:

        SSLCertificateFile /etc/httpd/conf/www.myexample.com.crt

        SSLCertificateKeyFile /etc/httpd/conf/www.myexample.com.key

    That is it.
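
The three openssl steps from the answer above, wrapped as an added example (not part of the original answers) that runs without prompts and then checks that the certificate and key handed to SSLCertificateFile and SSLCertificateKeyFile actually belong together. The function names and the host name passed in are hypothetical; the subjectAltName extension goes beyond the answer's commands and is included because current browsers match the host name against it rather than the CN.

```shell
#!/bin/sh
# Added example: key, CSR and self-signed certificate for one host name,
# followed by checks on the result. Function names are hypothetical.

# make_selfsigned HOST DIR [DAYS] -> writes HOST.key, HOST.csr, HOST.crt in DIR
make_selfsigned() {
    host=$1 dir=$2 days=${3:-3650}
    (
        umask 077                     # private key readable by its owner only
        openssl genrsa -out "$dir/$host.key" 2048 2>/dev/null
    ) || return 1
    # -subj skips the interactive questions; the CN is the host name
    openssl req -new -key "$dir/$host.key" -subj "/CN=$host" \
        -out "$dir/$host.csr" || return 1
    # Extension file carrying the host name as a subjectAltName entry
    printf 'subjectAltName=DNS:%s\n' "$host" > "$dir/$host.ext"
    openssl x509 -req -in "$dir/$host.csr" -signkey "$dir/$host.key" \
        -days "$days" -sha256 -extfile "$dir/$host.ext" \
        -out "$dir/$host.crt" 2>/dev/null || return 1
}

# cert_matches_key CRT KEY -> exit 0 if the certificate carries the public
# key derived from the private key (Apache refuses to start on a mismatch)
cert_matches_key() {
    crt_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout) || return 2
    [ "$crt_pub" = "$key_pub" ]
}

# cert_is_selfsigned CRT -> exit 0 if issuer and subject are identical
cert_is_selfsigned() {
    subj=$(openssl x509 -in "$1" -noout -subject | sed 's/^subject= *//')
    iss=$(openssl x509 -in "$1" -noout -issuer | sed 's/^issuer= *//')
    [ "$subj" = "$iss" ]
}

# When run as a script: sh selfsigned.sh HOST DIR [DAYS]
if [ "$#" -ge 2 ]; then
    make_selfsigned "$@" && cert_matches_key "$2/$1.crt" "$2/$1.key" \
        && echo "certificate and key match"
fi
```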
