Hey Anthony -- > quick question, probably a stupid one at that... > > do i need a secure certificate from thawte.com to > install a secure server?
Not strictly. > if not, what's the point of the certificate? The point is to raise $55 million so that Mark Shuttleworth can travel in space? Hehe... The "serious" reason is a bit more complicated. SSL provides encryption. That's the sole advantage for most uses. The third-party certificate vendors are not needed if all you want is encryption. Companies like Thawte/Verisign provide an additional facility: Authentication of the server to which you are sending data. In theory, they would prevent you from inadvertently submitting your super-secret data to "amazone" instead of "amazon". Or something like that. In practice, the only real reason seems to be to prevent those annoying dialog boxes from popping up when you visit an "unblessed" SSL website. It's a protection racket if you ask me. > Can someone briefly explain the process... To make your own "self-signed" certificate you run openssl: 1. Create a private key: $ openssl genrsa -out httpsd.key 1024 2. Create a Certificate Signing Request (CSR): $ openssl req -new -key httpsd.key -out httpsd.csr 2. Create self-signed certificate: $ openssl req -x509 -days 365 -in httpsd.csr -key httpsd.key -out httpsd.crt TTYL, -Jesse- -- Jesse Erlbaum The Erlbaum Group [EMAIL PROTECTED] Phone: 212-684-6161 Fax: 212-684-6226