; microsoft.support = microsoft.support
Here's what we're going to do, in order: Generating a 1024 bit RSA private key ................ writing new private key to 'privkey.pem' Enter PEM pass phrase: Verifying - Enter PEM pass phrase: ----- You are about to be asked to enter information that will be incorporated into your certificate request.What you are about to enter is what is called a Distinguished Name or a DN.There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank.But if you don't have a cert from a trusted third party, users will get the nasty "this is an untrusted site" warning.Aside from the fact that it looks unprofessional, it's also a real risk — in a large organization, do you assume that all users will know the difference between a legitimate key generated by your IT department, and keys generated by a malicious third party? So don't place that responsibility on your users — buy a cert.You need to make sure that the key is not world-readable, but that the certificate is.Now that we've got the certificate in place, you need to edit the Apache configuration to add SSL to your site.Generate the request, work with the CA to get the certificate, and then follow the installation and configuration steps. Self-signed certificates should really only be used in a few situations — but a lot of users fit the profile for using a self-signed certificate but fail to create one and work over plain HTTP instead.I use a self-signed certificate because I want to connect to my server securely when managing my blog using Word Press.In upcoming tutorials we'll look at securing IMAP, SMTP, and other connections, and more tips and tricks for using SSH too.While there doesn’t appear to be an immediate present danger, Digi Cert strongly encourage administrators to migrate to SHA-2 as soon as feasibly possible.