Getting an SSL Cert

From Zanecorpwiki


Certain ymake processes will generate a self-signed SSL certificate automatically for securing internal or intra-company processes. (TODO: reference.) This tutorial is primarily about commercial (aka, rip off) SSL certificates from third parties, though it does address the steps to manually create a self-signed cert.

  1. generate the 'certificate request' with:
         openssl req -new -key ssl/private/apachekey.pem -out request.csr
  2. it is important to fill out all the information; if this is a single FQDN cert, I suggest 'secure.<domain name>' and copying the domain name from a web browser URL or something to avoid any possibility of a typo
  3. go to the SSL cert provider (certificate authority, or CA). I used to recommend comodo.com or instantssl.com (same place), but really there are no good choices and who does the least bad job changes pretty fast.
  4. you'll copy and paste or upload the certificate request (CSR) to the CA
  5. there'll be some sort of 'verification process'
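
Before uploading the CSR in step 4, it is worth checking it, since a typo in the FQDN or a CSR built from the wrong key only shows up after the CA has issued the cert. The script below is an added example, not part of this wiki's tooling; the function names, the throwaway key and the host name secure.example.com are constructed for illustration.

```shell
#!/bin/sh
# Added example: sanity-check a CSR before handing it to a CA.
# File names and the FQDN used in demo() are constructed sample values.

# Print the subject commonName of the CSR in $1.
csr_cn() {
    openssl req -in "$1" -noout -subject -nameopt multiline 2>/dev/null |
        sed -n 's/^ *commonName *= *//p'
}

# Succeed only if CSR $1 is self-consistent, was made from private
# key $2, and names exactly the FQDN $3.
check_csr() {
    csr=$1 key=$2 fqdn=$3
    # 1. The CSR's self-signature must verify (file not truncated or altered).
    openssl req -in "$csr" -noout -verify 2>&1 | grep -q 'verify OK' ||
        { echo "FAIL: CSR signature does not verify" >&2; return 1; }
    # 2. The CSR must carry the public half of the key the server will use.
    [ "$(openssl req -in "$csr" -noout -pubkey 2>/dev/null)" = \
      "$(openssl pkey -in "$key" -pubout 2>/dev/null)" ] ||
        { echo "FAIL: CSR was not generated from $key" >&2; return 1; }
    # 3. The CN must match the intended host name (catches typos).
    cn=$(csr_cn "$csr")
    [ "$cn" = "$fqdn" ] ||
        { echo "FAIL: CN is '$cn', expected '$fqdn'" >&2; return 1; }
    echo "OK: $csr requests a cert for $fqdn"
}

# Demo on a throwaway key; -subj replaces the interactive prompts of step 2.
demo() {
    d=$(mktemp -d) || return 1
    openssl genrsa -out "$d/key.pem" 2048 2>/dev/null
    openssl req -new -key "$d/key.pem" -out "$d/request.csr" \
        -subj "/C=US/O=Example Corp/CN=secure.example.com"
    check_csr "$d/request.csr" "$d/key.pem" secure.example.com
    # Transposed letters in the expected name: the check must refuse it.
    check_csr "$d/request.csr" "$d/key.pem" secure.exmaple.com ||
        echo "(typo caught)"
    rm -rf "$d"
}

demo
```

For a real request, call check_csr with request.csr, ssl/private/apachekey.pem and the host name copied from the browser.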

If you can help it, don't bother with the 'extended validation' (EV) certificates. The green bar is nice and all, but the claim that 1/3 of web users rely on the green bar and EV certs is absolute bullshit. I would be surprised if one-third of web users noticed, let alone knew about either. Regular SSL is good enough and EV is more than anything else a way for the SSL racketeers to bilk companies out of even more money. That being said, if you're doing a lot of business, then it may be worth it. You can always upgrade to EV. But seriously, SSL certs are a racket.

To create a self-signed certificate, use the 'ssl_gen' utility. (TODO: link.)
