In March, we introduced you to SSL Certificates. In that post, we mentioned that nearly all sites need to be using SSL. Today we will show you how to create an SSL Certificate for your site.
Choosing the Right SSL Certificate
As we mentioned in our initial introduction to SSL, there are several types of certificates available. These include extended validation (EV), organization validation (OV) and domain validated (DV) certificates. The type of certificate you need will vary according to what sort of activity, interaction or data users will encounter with your website.
Of course, there is always the possibility of creating a more customized option, known as a self-signed SSL certificate.
Creating a Self-Signed SSL Certificate
Self-signed SSL certificates are very popular with VPS users. If you’d like to create your own self-signed SSL certificate, start by verifying that you have root privileges on the server. The steps are fairly simple to follow and will be completed using command line functions:
Step 1: Activate the SSL Module on your server. Once you’ve done this, restart your server.
Step 2: Create a new directory where you can house both your server key and the actual certificate itself.
Depending on what type of server (Apache, Nginx, Lighttpd, etc.) you’re using, the following steps may not be entirely accurate. Since the majority of our customers utilize LAMP-stack instances, we will provide the steps following steps as they would be followed on an Apache server.
Step 3: Create your certificate. This part can be a bit tricky but the entire process is based in command line. After entering the initial command line prompt, both the server key and the certificate are created.
Step 4: At this point a list of fields will appear. You must provide the information requested in these fields.
Step 5: Make proper changes to the SSL configuration file to establish virtual hosts that can be used to display your certificate.
Step 6: Activate the virtual hosts you’ve created in Step 5.
Step 7: Restart your Apache server.
Step 8: Here you should be able to enter your own domain name into your browser and see the SSL Certificate appear. If this does not occur, or you receive an error message, please call us or submit a ticket right away for helping getting your certificate properly configured and activated.
Risks of Self-Signed Certificates
There is some discussion about the ability of self-signed SSL certificates to protect sites from intrusion or malicious activity. That’s because these certificates can allow for passive attacks (attacks in which the intruder is able to view the data but doesn’t actually change it in any way) against end users. It is worth noting that some advanced cyber criminals have used this technology as a means to their web-based malfeasance.
So What Should You Do?
As we mentioned in the previous article, the safest bet is to obtain an SSL Certificate. However, there is no one-size-fits-all option so the type of certificate you need will vary with your site. It’s just our firm recommendation that if you don’t have one, you need to get one. And even though self-signed SSL certificates may not be entirely safe 100% of the time, they are still more effective than not having a certificate at all. For more information about getting an SSL Certification on your server, or for assistance in doing so, file a ticket with our support team or call us directly at (877) 512-4678.