Tag: openssl

SSL Certificates

SSL Certificates

At some point any Web Developer would need to secure part of a site and therefore require an SSL certificate. There are different options available depending on the use and here is a short post documenting the various options:

Free for Open Source Projects: Some providers are willing to offer free SSL certificates for open-source projects such as GoDaddy.com, obviously some terms and conditions apply which one must read. More details can be found here.

Free with Hosting Plan: Some Web Hosting providers would include a free SSL certificate if you buy a hosting plan. Generally the offer is for the first year with competitive renewal pricing. Just to name a few: HostColor.com, DomainAvenue.com and HostGator.com

Free SSL Community: A growing community called StartSSL are offering an entry level service for free for basic used and limited warranty which might well satisfy your needs and therefore worth a check.

Comparison Charts: If none of the above suits you then you might have to actually buy an SSL certificate, not before doing the appropriate research. WhichSSL is a dedicated site to aid in the selection of the appropriate certificate authority or SSL vendor to choose with the help of a comparison chart. More comparisons can be found in Wikipedia.org and SSLShopper.com. Your research might also payoff by finding some promotional offers and/or discounts.

Self-Signed Certificates for Development: Well if you need a certificate just for development purposes then you can sign one yourself as shown in my previous post.

Self-Signed SSL Certificate

Self-Signed SSL Certificate

If you are planning on developing or customizing some web systems such as WordPress or Magento, then at one point you will need some security. You might want to sign the SSL certificate yourself. A number of guides exists for this, for Windows Systems I found the one by Shivprasad Koirala to be very intuitive and for Unix systems the one by Heroku and Scott Baker are best. Here are the steps required:

  1. Check that openssl is installed by running the following command in a terminal:
    which openssl
     
  2. If no such file is found then you need to install. Here are the possible installation methods
    1. Mac OSX – Via Homebrew: homebrew install openssl
    2. Windows – Download software package.
    3. Linux (Debian/Ubuntu Variants) – Guide – sudo apt-get install openssl
    4. Linux (RedHat Variants) – Guide – yum install openssl

     

  3. Generate the keys for the Certificate Authority
    openssl genrsa -des3 -out ca.key 4096
    openssl req -new -x509 -days 3650 -key ca.key -out ca.crt
     
  4. Generate the private key for your server
    openssl genrsa -des3 -out server.key 4096
     
  5. Create the certificate signing request to be signed (leave challenge password and organization name empty)
    openssl req -new -key server.key -out server.csr
     
  6. Sign your certificate
    openssl x509 -req -days 3650 -in server.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out server.crt
     
  7. Optionally remove the password
     openssl rsa -in server.key -out server.key.nopass

For some documentation about how to use openssl check the official site.

Theme: Overlay by Kaira