Hey Anthony --

> quick question, probably a stupid one at that...
>
> do i need a secure certificate from thawte.com to
> install a secure server?

Not strictly.


> if not, what's the point of the certificate?

The point is to raise $55 million so that Mark Shuttleworth can travel in
space?  Hehe...

The "serious" reason is a bit more complicated.  SSL provides encryption.
That's the sole advantage for most uses.  The third-party certificate
vendors are not needed if all you want is encryption.

Companies like Thawte/Verisign provide an additional facility:
Authentication of the server to which you are sending data.  In theory, they
would prevent you from inadvertently submitting your super-secret data to
"amazone" instead of "amazon".  Or something like that.  In practice, the
only real reason seems to be to prevent those annoying dialog boxes from
popping up when you visit an "unblessed" SSL website.  It's a protection
racket if you ask me.


> Can someone briefly explain the process...

To make your own "self-signed" certificate you run openssl:

  1. Create a private key:
    $ openssl genrsa -out httpsd.key 1024

  2. Create a Certificate Signing Request (CSR):
    $ openssl req -new -key httpsd.key -out httpsd.csr

  3. Create self-signed certificate:
    $ openssl req -x509 -days 365 -in httpsd.csr -key httpsd.key -out httpsd.crt


TTYL,

-Jesse-


--

  Jesse Erlbaum
  The Erlbaum Group
  [EMAIL PROTECTED]
  Phone: 212-684-6161
  Fax: 212-684-6226
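
The three steps from the message above, run non-interactively and then checked, as an added example that is not part of the original post. It assumes openssl is on PATH; the function names, the host names www.example.test and other.example.test, and the 2048-bit key size (the message uses 1024) are choices made for this example. The last two checks show the authentication point: the certificate is accepted only by a client that already holds it as a trust anchor.

```shell
#!/bin/sh
# Added example (not from the original message). Assumes openssl is on PATH.
# Host names and the 2048-bit key size are choices made for this example.

# Steps 1-3 from the message, written into directory $1 for host name $2.
make_selfsigned() {
    openssl genrsa -out "$1/httpsd.key" 2048 2>/dev/null &&
    openssl req -new -key "$1/httpsd.key" -subj "/CN=$2" \
        -out "$1/httpsd.csr" 2>/dev/null &&
    openssl req -x509 -days 365 -in "$1/httpsd.csr" -key "$1/httpsd.key" \
        -out "$1/httpsd.crt" 2>/dev/null
}

# Self-signed: issuer and subject are the same name.
is_self_signed() {
    [ "$(openssl x509 -in "$1" -noout -subject_hash)" = \
      "$(openssl x509 -in "$1" -noout -issuer_hash)" ]
}

# The certificate $2 carries the public half of private key $1.
key_matches_cert() {
    [ "$(openssl pkey -in "$1" -pubout 2>/dev/null)" = \
      "$(openssl x509 -in "$2" -noout -pubkey)" ]
}

# Authentication check: does certificate $1 chain to trust anchor file $2?
chains_to() {
    openssl verify -CAfile "$2" "$1" >/dev/null 2>&1
}

demo() {
    d=$(mktemp -d) || return 1
    mkdir "$d/a" "$d/b"
    make_selfsigned "$d/a" www.example.test &&
    make_selfsigned "$d/b" other.example.test &&
    is_self_signed "$d/a/httpsd.crt" &&
    key_matches_cert "$d/a/httpsd.key" "$d/a/httpsd.crt" &&
    chains_to "$d/a/httpsd.crt" "$d/a/httpsd.crt" &&   # pinned: accepted
    ! chains_to "$d/a/httpsd.crt" "$d/b/httpsd.crt"    # not pinned: rejected
    rc=$?
    rm -rf "$d"
    return $rc
}

demo && echo "self-signed certificate is trusted only where it is pinned"
```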

