[ale] https

Jerry Z. Yu z.yu at ptek.com
Wed Feb 13 10:41:18 EST 2002




# generate your own pair of keys
openssl genrsa -des3 -rand:bigTar1.tar:bigTar2.tar:bigTar3.tar -out
your.server.com.key 1024

# generate a CSR (certificate service/signing request)
openssl req -new -key your.server.com.key -out your.server.com.csr

# instead of sending this CSR to Verisign, sign it with your own key
openssl x509 -req -days 90 -in your.server.com.csr -signkey
your.server.com.key -out your.server.com.certificate


Keep those two files private and specify locations in httpd.conf
	your.server.com.certificate
	your.server.com.key



On Wed, 13 Feb 2002, Fulton Green wrote:

#What's the best way to generate a cert on the cheap like that? Which tools
#and such?
#
#On Wed, Feb 13, 2002 at 10:16:37AM -0500, Jerry Z. Yu wrote:
#> If your whole purpose is to use SSL to encrypt the traffic versus using
#> certificate to prove to the clients that they are actually accessing your
#> site instead of some bogus sites, you can use a certificate signed by your
#> own key, by your own CA key, instead of paying Verisign or Thawte ~$130 a
#> year for one single certificate.
#
#---
#This message has been sent through the ALE general discussion list.
#See http://www.ale.org/mailing-lists.shtml for more info. Problems should be
#sent to listmaster at ale dot org.
#

Jerry Z. Yu					+1-404-262-8544 (O)
Systems Engineer				z.yu at ptek.com
IS Support, Voicecom,				www.voicecom.com
A business unit of PTEK Holdings, Inc.		www.ptek.com


---
This message has been sent through the ALE general discussion list.
See http://www.ale.org/mailing-lists.shtml for more info. Problems should be 
sent to listmaster at ale dot org.






More information about the Ale mailing list