In the world of digital security, X509 is the accepted standard for Public Key Infrastructure certificates, which are used to validate the identity of servers. This validation is essential for the privacy and confidentiality that wise Internet users require before doing business on the Web. While you can purchase a certificate from one of the many commercial certificate authorities, you can also generate your own X509 certificate, which some believe to be at least as safe as a purchased certificate.
Open the Internet Information Services Manager tool, or "inetmgr." Click on “Start” and key “inetmgr” in the Search box. Press “Enter” to open the IIS Manager tool. Locate the level that you want to manage.
Double-click “Server Certificates” in the "Machine Features" view.
Click “Create Self-signed Certificate” in the "Actions" dialog.
Enter a friendly name for the X509 certificate in the “Specify a friendly name for the certificate” field. Click “OK.”
Open a browser. Enter "https://<servername>" in the URL address bar and press "Enter." A Security Alert dialog asking for permission to proceed should appear, indicating success.
Create a RSA private key with an OpenSSL command similar to the following:
openssl genrsa –des3 –out myserver.key 1024
A Triple-DES, 1024-bit encrypted key, in readable ASCII text format will be created for you.
Create the Certificate Signing Request with a command similar to the following:
openssl req -new -key myserver.key -out myserver.csr
Answer the prompts for information accurately, so that the certificate and SSL will be able to properly protect the server.
Create your self-signed X509 certificate with a command similar to the following:
openssl x509 -req -days 200 -in myserver.csr -signkey myserver.key -out myserver.crt
This certificate generated by this command is good for 200 days.
Install the private key and the X509 certificate with the following commands:
cp myserver.crt /usr/local/apache/conf/ssl.crt
cp myserver.key /usr/local/apache/conf/ssl.key
Configure your hosts with location information for your X509 certificate and keys, restart the server and test the certificate.
- QualitySSL: Generating a Certificate Signing Request (CSR) for Apache SSL using OpenSSL
- TheGeekStuff: How To Generate SSL Key, CSR and Self Signed Certificate For Apache
- Akadia: How to Create a Self-Signed SSL Certificate
- Slacksite: Generating an SSL Certificate with Apache+mod_ssl
- VisualWin: Setting up SSL with a SelfSSL certificate on Windows Server 2003
- Photo Credit Thinkstock/Comstock/Getty Images
How to Create a DER Certificate
Distinguished Encoding Rules (DER) are a way that security-focused applications can encode a file or object so that it can be signed...