Re: Setting up an SSL Server
On Sat, Aug 03, 2002 at 05:26:54PM +0200, Teun Vink wrote:
> You can do 2 things: buy a certificate from a trusted party (e.g. Thawte
> or OpenSRS), or use an unsigned certificate. You can create an unsigned
> certificate yourself, but visitors of the https-site will be notified that
> the cert is unsigned. A certificate should cost you somewhere between $100
> and $200 a year...
To be exact, the certificate is signed in both cases, the difference is
in the signing authority. Thawte, Verisign are trusted (in theory),
your own CA (Certificate Authority) if not trusted, and that's why
most browsers complain when entering such a website.
> Installing isn't that hard. Just run "apt-get apache-ssl", and check
> http://www.apache-ssl.org for information on configuring SSL if you want
> to use apache-ssl.
Or http://www.modssl.org/ for its competitor :)
Actually the documentation on that website is precise and easy, but the
process of generating a self-signed certificate requires several runs
of openssl with special parameters. Eventually, I wrote a simple script
to make it easier.