In the world of Internet commerce, or e-commerce, security is of paramount importance to both the Web business and the customer. Both sides of the process want and need privacy and confidentiality for the online transaction, and security certificates play a pivotal role in providing the level of trust required for secure e-commerce. Secure Socket Layer, or SSL, is the Internet protocol that uses certificates to validate identities, and to determine encryption levels for the information flow. SSL certificates can be purchased from one of many trusted certificate vendors, or you can add a self-signed SSL certificate, which many believe to be as secure as a purchased certificate.
Install Windows Internet Information Services (IIS) on your computer. Click "Start," "Control Panel," "Programs," and "Turn Windows Features on or off." Make sure the box to the left of "Internet Information Services" is either checked or shaded. When the installation is finished click "OK."
Click “Start” on the Windows desktop and key “inetmgr” in the Search box. Press “Enter” to open the Internet Information Services (IIS) Manager tool.
Find the level in the tool that you want to manage, which is normally the machine level at the top. Double-click “Server Certificates” in the Machine Features pane.
Click “Create Self-signed Certificate” in the Actions pane on the right.
Type a “friendly name” for your new security certificate in the “Specify a friendly name for the certificate” box and click “OK.”
Open a browser, key "https://<myserver>" in the address box, and press "Enter." You should see a Security Alert dialog requesting permission to proceed, indicating that you have added an SSL certificate.
Generate a private RSA key using the following command at the Linux command prompt:
openssl genrsa –des3 –out mysrvr.key 1024
This command creates a Triple-DES encrypted, 1024-bit key in readable ASCII text format.
Create a CSR, or certificate signing request. Send send this request to one of the several trusted certificate vendors if you intend to use it on public networks. If you intend to use it on your company intranet, you can sign it yourself. The following command will generate the CSR:
openssl req -new -key mysrvr.key -out mysrvr.csr
Answer the prompts for information accurately so that the certificate will be correct. This will allow SSL to properly protect your server.
Generate a self-signed certificate by issuing the following command:
openssl x509 -req -days 180 -in mysrvr.csr -signkey mysrvr.key -out mysrvr.crt
This command creates a X.509-compliant SSL certificate that is good for 180 days.
Put the certificate and key in the proper directory with the following commands:
cp mysrvr.crt /usr/local/apache/conf/ssl.crt
cp mysrvr.key /usr/local/apache/conf/ssl.key
Configure your hosts with the locations of the certificate and key. Restart your server and test your certificate.
- Microsoft Technet: Create a Self-signed Server Certificate in IIS 7
- Microsoft: How to create and install an SSL certificate in Internet Information Server 4.0
- VisualWin: Setting up SSL with a SelfSSL certificate on Windows Server 2003
- Microsoft Office: Create Your Own Digital Certificate
- TheGeekStuff: How To Generate SSL Key, CSR and Self Signed Certificate For Apache
- Akadia: How to create a self-signed SSL certificate
How to Use an Online Template to Create a Gift Certificate
If you want to give creative gifts with a personal touch, consider creating your own gift certificates. Make gift certificates tailored for...