Generating Your Own Security Certificates For Use With Apache/HTTPS
(Page 1 of 7 )
If you've ever wanted to provide a secure means of transmission over HTTPS, but didn't want to pay the price, this is the tutorial for you! Join Timothy as he explains how to set up a HTTPS server on the cheap.
The Secure Sockets Layer protocol (SSL) was designed as a way to easily use asymmetric encryption as a way to establish a secure connection between two computers. It calls for two computers to authenticate themselves through cryptographic means and then establishes a secure connection between two computers over which symmetrically encrypted data is passed. In the case of someone using a browser to connect to a remote server, the server authenticates itself by presenting a security certificate.
This certificate typically contains a serial number, encryption keys, the server's domain name, company name, address, the expiration date of the certificate and the details of the certification authority who issued the certificate.
The client reviews the certificate to ensure that the server is in fact "who it claims to be." It ensures the certificate has not expired, that it has been issued by an authority the client knows and trusts and that it is being used only by the website for which it has been issued.
Of course if I were setting up a full-scale business server then I'd definitelyy want to obtain a certificate from a well-known authority like VeriSign. But in reality I'm running a small personal server and want to provide a secure login area for a few friends and myself. Using OpenSSL to generate my own security certificate would be sufficient.
Perhaps another application of this would be for an Intranet server where each browser can be configured to accept the certificate without throwing an error about the chain of trust.
Configuring Apache with SSL support and creating your own security certificate is actually a pretty simple exercise; the only real difficulty (which this tutorial should remedy) was rummaging through various books and the bowels of the Internet to piece together a procedure that worked.
