I need to implement a certificate on a web server (apache). The requirement is that it must work with ssl, so I need to purchase a certificate. I would like to avoid having to buy a certificate at least for now. From your experience does anybody recomend any free certificate company, who I can count on and is known to be good and reputable? I Would appreciate answers based only on experience of using such companies.
Thank you all.
StartSSL (http://www.startssl.com/) offers a free certificate that is not self-signed. I have seen elsewhere on ServerFault of people who have recommended this service in the past.
Another option, if you're just testing, is to use a self-signed certificate.
Good for you, as your requirements are easy to satisfy, either with self-signed, private CA or public CA.
The most well known public CA for this it CAcert where you can sign up and issue certitificates to any domain you own, for free! (Although donations are encouraged).
If you want to "get your hands dirty" you can consider one of these options also: run a software like XCA or just use OpenSSL to create a certificate which is self-signed or signed with a private CA (there is a difference). Both of these software are cross-platform. XCA is a GUI program that is easy to use but not terribly well documented. OpenSSL, a command-line tool, has been around for ages and is well documented but not really that easy to use.
Quick and easy:
Generate key pairs:
GEneate CSR:
Sign CSR with private key and certificate valid for 3650 days:
In httpd.conf file, there is 'Include' parameter, which includes file for httpd-ssl.conf or something called ssl.conf -depending on your installation.
You need to copy the above three files to your apache's conf directory (somewhere you can reference them in the conf file). In httpd-ssl.conf or ssl.conf file you need to update the location as follows:
SSLCertificateFile /etc/httpd/conf/www.myexample.conf.crt
SSLCertificateKeyFile /etc/httpd/conf/www.myexample.com.key
That is it.