HTTP/Self Signed secure certificate

From EasyWebDNS

Self signed security Certificates

The difference between a self-signed security certificate and a security certificate signed by a trusted party is that a list of trusted parties is stored in the web browser. A self-signed certificate is not on that list, and therefore you will be forced to add an exception or tell the browser that you trust the certificate on this server.

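A self-signed security certificate can be bypassed by your ISP simply because they can fool DNS (if you use their DNS) and install a different self-signed certificate. On a first visit the browser shows the same untrusted-certificate warning for either one, so the warning alone does not tell them apart.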

A trusted certificate issuer checks the identity of the domain owner before issuing a certificate stating that this website belongs to this server.

The self-signed security certificate serves multiple purposes. For example, it allows the user to use SSL on a server where he or she knows the IP address of the server.

NOTE: Every SSL website needs one IP address. You can host any number of websites on each IP, but only ONE of those websites can run SSL. With a self-signed certificate you can make the certificate work with all the websites, but in that case the error would be that the certificate does not belong to the website rather than that the certificate has not been issued by a trusted third party.

So, let me describe how I would go about creating a self-signed security certificate under Apache 2.2. The procedure should be very similar in Apache 2.0 and probably similar enough with Apache 1.3.

Let us start by installing the needed software on your web server. I will use Debian lenny, where that is done by issuing the following command:

apt-get install openssl ssl-cert

Once that is done, generate the private key and the public key (which is carried in the certificate). The private key is top secret, just remember that.

openssl req -new -x509 -days 365 -nodes -out /etc/apache2/apache.pem -keyout /etc/apache2/apache.pem
chmod 600 /etc/apache2/apache.pem
a2enmod ssl

Now we need to edit the website configuration file (on a Debian distro, usually in /etc/apache2/sites-available, but yours may be different) and add the following directives:

SSLEngine on
SSLCertificateFile /etc/apache2/apache.pem
SSLCertificateKeyFile /etc/apache2/apache.pem



/etc/init.d/apache2 force-reload

/etc/init.d/apache2 restart



By default the server listens for incoming HTTP requests on port 80 and not for SSL connections on port 443. To enable SSL support, make sure the following lines are in the file /etc/apache2/ports.conf; if they are not, add them:

<IfModule mod_ssl.c>
   Listen 443
</IfModule>


In some other distros, you only need to enter the line

Listen 443
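
A check to run once the steps above are done, as an added example that is not part of the original page: it creates the page's combined key-and-certificate file non-interactively, audits it, and prints the SHA-256 fingerprint that users should compare over a trusted channel before accepting the browser exception. The function names and the -subj and -newkey rsa:2048 options are choices made for this example.

```shell
#!/bin/sh
# Added example: audit a combined key+certificate PEM like /etc/apache2/apache.pem.
# Function names are hypothetical; only standard openssl subcommands are used.

# Same command as on the page, made non-interactive with -subj and an explicit key size.
make_selfsigned() {   # $1 = output PEM, $2 = common name
    ( umask 077       # create the file private from the start, before chmod runs
      openssl req -new -x509 -days 365 -nodes -newkey rsa:2048 \
          -subj "/CN=$2" -out "$1" -keyout "$1" 2>/dev/null ) && chmod 600 "$1"
}

# SHA-256 fingerprint: the value to publish out of band and compare in the browser.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# Name comparison only: "req -x509" produces a certificate whose issuer is its subject.
is_self_signed() {
    s=$(openssl x509 -in "$1" -noout -subject | sed 's/^subject= *//')
    i=$(openssl x509 -in "$1" -noout -issuer | sed 's/^issuer= *//')
    [ -n "$s" ] && [ "$s" = "$i" ]
}

# The private key in the file must belong to the certificate in the file.
key_matches_cert() {
    c=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    [ "$c" = "$k" ]
}

# True only for mode 600, the mode the page sets with chmod.
key_is_private() {
    [ -n "$(find "$1" -prune -perm 600)" ]
}

audit_pem() {
    is_self_signed "$1"   || { echo "FAIL not self-signed"; return 1; }
    key_matches_cert "$1" || { echo "FAIL key does not match certificate"; return 2; }
    key_is_private "$1"   || { echo "FAIL file mode is not 600"; return 3; }
    openssl x509 -in "$1" -noout -checkend 0 >/dev/null || { echo "FAIL expired"; return 4; }
    echo "OK sha256=$(cert_fingerprint "$1")"
}

if [ $# -gt 0 ]; then audit_pem "$1"; fi
```

Two certificates generated this way for the same name always have different fingerprints, which is what lets a user tell the server's certificate from a substituted one.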