Part V. Running Servers

You also have the option of creating self-signed certificates, although these should be used only for testing or when a very small number of people will be accessing your server and you do not plan to have certificates on multiple machines. Directions for generating a self-signed certificate are included in the following section.

The last option is to run your own certificate authority. This is probably only practical if you have a small number of expected users and the means to distribute your CA certificate to them (including assisting them with installing it in their browsers). The process for creating a CA is too elaborate to cover in this book but is a worthwhile alternative to generating self-signed certificates. You can find guides on running your own CA at these sites:

- http://pseudonym.org/ssl/ssl_cook.html
- http://sial.org/howto/openssl/ca/

The following procedure describes how to generate and use SSL keys with the LAMP server (running on a Debian GNU/Linux system) configured in this chapter. For a general discussion of SSL keys and procedures specific to Fedora and other Red Hat Linux systems, refer to Chapter 6.

Generating Your Keys

To begin setting up SSL, use the openssl command, which is part of the OpenSSL package, to generate your public and private key:

1. Use APT to verify that OpenSSL is installed. If it is not present, APT downloads and installs it automatically:

    # apt-get install openssl

2. Generate a 1024-bit RSA private key and save it to a file:

    # mkdir /etc/apache/ssl.key/
    # cd /etc/apache/ssl.key/
    # openssl genrsa -out server.key 1024
    # chmod 600 server.key

   You can use a filename other than server.key and should do so if you plan to have more than one SSL host on your machine (which requires more than one IP address). Just make sure you specify the correct filename in the Apache configuration later.
   In higher-security environments, it is a good idea to encrypt the key by adding the -des3 argument after the genrsa argument on the openssl command line:

    # openssl genrsa -des3 -out server.key 1024

3. You are asked for a passphrase, which is needed every time you start Apache.
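A check for the key file this procedure produces, as an added example that is not from the book: it reports whether the file is closed to group and other (the chmod 600 step), whether it is passphrase-protected (the -des3 option), and its RSA size. The function names and the 2048-bit floor in MIN_BITS are assumptions of this example; the book's procedure generates 1024-bit keys, which current CA requirements no longer accept.

```shell
#!/bin/sh
# Added example (not from the book): audit a key file made by the steps above.
# MIN_BITS=2048 is this example's assumption; the book's procedure uses 1024.
MIN_BITS=2048

# Succeeds if neither group nor other has any permission bit (chmod 600).
key_mode_ok() {
    case "$(ls -ld "$1" | cut -c5-10)" in
        ------) return 0 ;;
        *)      return 1 ;;
    esac
}

# Succeeds if the PEM file is passphrase-protected. Covers the traditional
# format ("Proc-Type: 4,ENCRYPTED", written by older genrsa -des3) and
# PKCS#8 ("BEGIN ENCRYPTED PRIVATE KEY", written by OpenSSL 3.x).
key_is_encrypted() {
    grep -Eq '^(Proc-Type: 4,ENCRYPTED|-----BEGIN ENCRYPTED PRIVATE KEY-----)' "$1"
}

# Prints the RSA modulus size in bits. Call it only on unencrypted keys,
# so that openssl never stops to prompt for a passphrase.
key_bits() {
    openssl rsa -in "$1" -noout -text 2>/dev/null |
        sed -n 's/.*Private-Key: (\([0-9][0-9]*\) bit.*/\1/p'
}

# Prints one line per finding; returns non-zero if anything was flagged.
audit_key() {
    rc=0
    key_mode_ok "$1" || { echo "$1: readable by group/other, run chmod 600"; rc=1; }
    if key_is_encrypted "$1"; then
        echo "$1: passphrase-protected (size not checked)"
    else
        bits=$(key_bits "$1")
        if [ -z "$bits" ]; then
            echo "$1: not a readable RSA private key"; rc=1
        elif [ "$bits" -lt "$MIN_BITS" ]; then
            echo "$1: $bits-bit RSA, below $MIN_BITS"; rc=1
        fi
    fi
    return $rc
}

# Usage: sh audit_key.sh /etc/apache/ssl.key/server.key
if [ $# -gt 0 ]; then audit_key "$1"; fi
```
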