Self-Signed SSL Certificates are a great way to set up temporary test and development servers. They are also a great way to use Microsoft and Linux services with a small group of people, such as your office staff. There seems to be a lot of confusion and head-scratching out there, though, about the steps needed to properly deploy a self-signed SSL certificate across Microsoft and Linux desktops, servers and devices. With a series of how-to posts, I plan on showing you how easy it really is to use these types of certificates to your advantage.
About SSL Certificates
SSL Certificates are digital keys used to authenticate network entities such as a client or a server. They are most famous for acting as the key for encrypted website transactions between a company’s server and an Internet user’s browser. If you have ever purchased anything from an eCommerce website or accessed your bank account or another financial institution, you have used a Secure Socket Layer Certificate to ensure the trust between that server and your browser. SSL Certificates can also be used to secure other types of Internet traffic such as email, including POP3, SMTP, IMAP and Microsoft Exchange.
When a client starts a conversation with a server and requests that a Secure Socket Layer be created between the two parties, the server responds to the client with its SSL Certificate. The client can then validate the authenticity of the server, ensuring that the server is who it claims to be. To vouch for that identity, the SSL Certificate is signed by a Certificate Authority (CA) such as Verisign or Thawte, a web hosting company such as Go Daddy, or another trusted third-party entity, so the certificate carries one of these trusted CA signatures. The client follows the Chain of Trust, which can be checked against the CA’s public key, and decides whether the chain is acceptable by comparing it to the root certificates each operating system includes.
About Self-signed Certificates
A self-signed certificate differs in that it has signed itself; therefore it has no chain of trust. When a client receives such a certificate, it will warn the user that the certificate cannot be verified. Obviously, if you are setting up a server and services that will be used by other Internet users you do not know, you will want to purchase a legitimate signed certificate. However, if you are setting up services that will be used for internal company use, you can become your very own Certificate Authority for FREE!
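The difference described above, shown with OpenSSL as an added example that is not part of the original post: it generates a throwaway self-signed certificate, shows that a client's built-in roots reject it, and shows that the same check passes once that certificate is installed as a trusted root. The hostname `intranet.example.test` and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. The hostname and files are constructed.

# Create a throwaway key and self-signed certificate. $1 = output dir, $2 = common name
make_self_signed() {
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 30 \
        -subj "/CN=$2" -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null
}

# Self-issued means the subject and issuer names are identical. $1 = certificate
is_self_issued() {
    subj=$(openssl x509 -in "$1" -noout -subject | sed 's/^subject= *//')
    iss=$(openssl x509 -in "$1" -noout -issuer | sed 's/^issuer= *//')
    [ -n "$subj" ] && [ "$subj" = "$iss" ]
}

# Client with only its built-in roots: no trusted issuer is found, so this fails.
verifies_with_default_roots() {
    openssl verify "$1" >/dev/null 2>&1
}

# Client that has imported certificate $2 as a trusted root, checking certificate $1.
verifies_with_anchor() {
    openssl verify -CAfile "$2" "$1" >/dev/null 2>&1
}

# SHA-256 fingerprint, to compare on each machine before importing the certificate.
fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

demo() {
    dir=$(mktemp -d) || return 1
    make_self_signed "$dir" "intranet.example.test" || return 1
    cert="$dir/cert.pem"
    if is_self_issued "$cert"; then echo "subject equals issuer"; fi
    if verifies_with_default_roots "$cert"; then echo "default roots: trusted"
    else echo "default roots: not trusted (the browser warning case)"; fi
    if verifies_with_anchor "$cert" "$cert"; then echo "imported as root: trusted"
    else echo "imported as root: not trusted"; fi
    echo "fingerprint: $(fingerprint "$cert")"
    rm -rf "$dir"
}
demo
```

Because nothing vouches for a self-signed certificate except the certificate itself, comparing the fingerprint over a separate channel is what tells each machine it is importing the right one.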
Over the next few days, I will be adding additional posts to this series. I will cover the following topics:
- How to create a self-signed certificate in Microsoft Windows using OpenSSL
- How to create a self-signed certificate in Linux
- How to use the created self-signed certificate in Internet Information Server (IIS 7)
- How to use the created self-signed certificate in Microsoft Exchange 2010 enabling:
  - Secure Outlook Web Access
  - Secure ActiveSync for Mobile Devices
  - Secure Outlook Anywhere allowing remote use of Microsoft Outlook
- How to use the created self-signed certificate in Apache 2 and LAMP
- How to use the created self-signed certificate with Linux POP3, SMTP and IMAP Services
- Replace your Webmin self-signed certificate with your own
Stay tuned for more details very soon!