Build Your Own Arcade Controls Forum
Main => Everything Else => Topic started by: Trimoor on March 17, 2005, 09:37:04 am
-
I would like to use SSL encryption on my website, if for nothing more than to keep out prying government people. How do I set up my server to do this? How do I create a self-signed certificate?
Thanks!
-
Oh I asked a question like this once. I can't remember the whole thing, but if you have cPanel it saves you a ton of time. You enter some crap into the new certificate thing and it gives you like an encoded string, then you use a program in Windows XP (you need to have IIS or something installed as a component, you can do this in add/remove programs if you have the disc) and then you type in some signing information and it gives you a certificate :) This was truly a horrible explanation since I winged it when I tried, but maybe it will jog someones memory?
-
I have a control panel, but it says SSL is disabled. The site is professionally hosted on an Apache server, so it can't be a windows program. (Besides, IIS is pure crap.)
I suppose I should ask my hosting service instead of here....
-
Yes you should, but to sign your own cert, you need to use IIS FROM YOUR OWN COMPUTER. Even if it says that SSL is disabled (meaning you can't use it anyway!) you can still generate certs.
-
you can generate your own certs on apache as well...
If you aren't the administrator to your site/server you'll probably need to contact them regardless... you just need them to turn on SSL (assuming it's been preconfigured to do so) You'll get a warning box about the certificate not being signed, but you're connection will still be encrypted.
Although not sure of the point.. or exactly what you are trying to do.
Note: your ftp uploads or downloads will still be in clear text... as will be your email to/from the server (unless you PGP it or the like)
I guess i'm saying... just having SSL enabled and surfing your site via SSL/https isn't going to keep "them" from being able to intercept whatever it is you're concerned about...
*shrug*
rampy
-
if for nothing more than to keep out prying government people.
For what its worth, the NSA can probably crack anything you use. You can use Open SSL to generate certficates.
I too am confused about what you are trying to do. SSL is mainly used for commerce transactions to verify the seller and encrypt your credit card info. SSL provides server authentication to the client, encrytion with a session key and data authentication with implicit sequence numbers. If anyone can log onto your site and view it, then it serves no purpose.