Skip To Main Content | Home | Sitemap | Contact
Latest Visitors: United States's flagUnited States's flagUnited States's flagUnited States's flagRussian Federation's flagUnited States's flagUnited States's flagUnited States's flagUnited States's flagUnited States's flagChina's flagChina's flagUnited States's flagBrazil's flagIreland's flagIndia's flagUnited States's flagUnited Kingdom's flagGermany's flagUnited States's flagCanada's flagCanada's flagUnited States's flagBrazil's flagSweden's flag

How can you issue your own SSL certificate?


You don't want to buy a SSL certificate?  You don't have to.

When you buy a SSL certificate, what you are purchasing is trust.  Is Thawte, Verisign or GeoTrust really vouching for you?  Do they really know you are who you say you are?

For the most part, the answer is, at best, a qualified yes.  However, all now have some form of a "Quick SSL" certificate, that basically checks to see that you have e-mail and a telephone number.  Hardly stellar references.  So, why would you pay them for a certificate?

The main reason you buy a certificate is that these companies are root certificate signers.  They sign your certificate with their root certificate so it will automatically be accepted without question in modern web browsers.

That does not make their certificate any more secure than one you issue yourself.  It simply makes their certificate more trusted.  Whoever is browsing your web site will have to accept your certificates validity which some may not be willing to do.

Am I advocating that you issue your own certificate for eCommerce?  Heck no!  You would lose to many potential customers.  There are also various spoofing attacks that can be carried out to fake your site, so self certificates are not at all acceptable for eCommerce. 

If you are building a business to business site, simply need to secure a web communications channel, or are working off a development web server, there is no need to incur the expense of a root signed SSL certificate.  Issue your own.  You can verify your identity with business customers and employees without the need for a root signed certificate.

[Interesting related article on Phishers using Self-Signed Certs]

IIS 6.x on Windows Server 2003 and IIS 5.1 on Windows XP

If you are using IIS as the web server, this is trivial...

The IIS 6.0 Resource Kit version 1.0 was released 5/30/2003. It contains a utility called SelfSSL.exe for instantly creating and installing a self-signed testing certificate into IIS. The resource kit is freely downloadable from the Microsoft website. Although the tool is intended for IIS 6.0 (2003 server), it works just as well on IIS 5.1 (XP Pro). It is so simple to use that no instructions are required beyond the pointer to the download.  The default values create a one year certificate.  You can change that to a larger number of days if you want.  The first link will get you the download, the second has screen shot examples if you need them.

http://www.microsoft.com/downloads/details.aspx?familyid=56FC92EE-A71A-4C73-B628-ADE629C89499&displaylang=en

http://www.visualwin.com/SelfSSL/

 

Apache

If you have a Linux server or are using Apache, you can self cert using OpenSSL.

http://www.ilug-cal.org/2002/09/23/setting-up-apache-and-openssl-using-self-signed-certificates/





This Weeks Most Popular Pages Newest Pages

Date Validation Using JavaScript . 

Cross-Browser Clipboard Copy . 

Loading Images With Remote Scripting . 

Why JavaScript In Hyperlinks Is Bad . 

AES Encryption Using ASP . 

Change The Submit Button To Show Waiting For AJAX Response . 

European Date Validation Using JavaScript . 

Pop Over Form . 

Database Results To Client Side Array . 

Reading Files With JavaScript . 

Image CAPTCHA . 

AJAX For Plain Text And HTML . 

Simple CAPTCHA Using ASP . 

JavaScript Barchart . 

Browser Capabilities Test . 

PrintBookmark
Comment