In the world of Internet commerce, or e-commerce, security is of paramount importance to both the Web business and the customer. Both sides of the process want and need privacy and confidentiality for the online transaction, and security certificates play a pivotal role in providing the level of trust required for secure e-commerce. Secure Socket Layer, or SSL, is the Internet protocol that uses certificates to validate identities, and to determine encryption levels for the information flow. SSL certificates can be purchased from one of many trusted certificate vendors, or you can add a self-signed SSL certificate, which many believe to be as secure as a purchased certificate.
Install Windows Internet Information Services (IIS) on your computer. Click "Start," "Control Panel," "Programs," and "Turn Windows Features on or off." Make sure the box to the left of "Internet Information Services" is either checked or shaded. When the installation is finished click "OK."
Click “Start” on the Windows desktop and key “inetmgr” in the Search box. Press “Enter” to open the Internet Information Services (IIS) Manager tool.
Find the level in the tool that you want to manage, which is normally the machine level at the top. Double-click “Server Certificates” in the Machine Features pane.
Click “Create Self-signed Certificate” in the Actions pane on the right.
Type a “friendly name” for
your new security certificate in the “Specify a friendly name for the certificate” box and click “OK.”
Open a browser, key """ rel="nofollow" target="_blank">https://<myserver>" ; in the address box, and press "Enter." You should see a Security Alert dialog requesting permission to proceed, indicating that you have added an SSL certificate.
Generate a private RSA key using the following command at the Linux command prompt:
openssl genrsa –des3 –out mysrvr.key 1024
This command creates a Triple-DES encrypted, 1024-bit key in readable ASCII text format.
Create a CSR, or certificate signing request. Send send this request to one of the several trusted certificate vendors if you intend to use it on public networks. If you intend to use it on your company intranet, you can sign it yourself. The following command will generate the CSR:
openssl req -new -key mysrvr.key -out mysrvr.csr
Answer the prompts for information accurately so that the certificate will be correct. This will allow SSL to properly protect your server.
Generate a self-signed certificate by issuing the following command:
openssl x509 -req -days 180 -in mysrvr.csr -signkey mysrvr.key -out mysrvr.crt
This command creates a X.509-compliant SSL certificate that is good for 180 days.
Put the certificate and key in the proper directory with the following commands:
cp mysrvr.crt /usr/local/apache/conf/ssl.crt