Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie

Write your own SSL Cert!

Options
  • 19-10-2005 3:18pm
    #1
    Rollo Tamasi
    Registered Users Posts: 3,514 ✭✭✭


    Hi guys, i'm in the middle of setting up a webserver from home. The server itself is Apache.

    I would like to create my own ssl cert for the server. Has anybody here written their own certs or do you know of any online resources for ssl. So far i have browsed thru :

    www.openssl.org
    www.cacert.org &
    www.startcom.org

    I would like to hear from boards members if they have attempted to do something similiar, and how they got on?


Comments

  • Options
    #2
    oneweb
    Registered Users Posts: 3,132 ✭✭✭oneweb


    Apache Tomcat has a tool that can generate keys.

    Check out
    http://tomcat.apache.org/tomcat-3.2-doc/tomcat-ssl-howto.html


    Worked very well for me :)

    It is what it's.



  • Options
    #3
    Rollo Tamasi
    Registered Users Posts: 3,514 ✭✭✭Rollo Tamasi


    it seems to be well documented! Nice! The server i'm using is Ubuntu (if that makes any difference?)


  • Options
    #4
    democrates
    Closed Accounts Posts: 2,046 ✭✭✭democrates


    I've done that before for an in-house system and oh boy what trouble we had.

    All users got the warning window where we needed them to accept the new cert as valid (this happens because it wasn't one of those shipping with browsers or linked to them via CA's), not a big problem you'd think as we explicitly flagged it on the site announcement but, users!


  • Options
    #5
    MrPinK
    Closed Accounts Posts: 1,502 ✭✭✭MrPinK


    OpenSSL has a howto for creating self-signed certs

    http://www.openssl.org/docs/HOWTO/certificates.txt


  • Options
    #6
    sector
    Registered Users Posts: 687 ✭✭✭sector


    it's not so much that you create your own cert as you generate a CR (Certifcate Request) from within you web server, ideally you post this to a CA (Certificate Authority) who is already recognised & is popular (so that they are already a trusted root CA within your given browser), then they issue you with the cert (for a fee of course) and you then register this on your web server.

    so that's the general idea but if your just say doing a private system or something that's not being accessed by the general public but on the net for example, then you can most likely install your own private CA, send the CR to yourself (ha!) and issue your webserver with a cert, the trick here is to add your own CA into the trusted root CA's of any browser that is accessing the site, that way no nasty errors.

    if ya need some code for doing this let me know but i'm sure you'll find a way.

    hope this is of some help :)


  • Advertisement
Advertisement