Apache allows you to use a self signed certificate. This allows you to encrypt the data that is sent between the server and client browser, but importantly it does not say who you are. You can change this by gettings some one else to sign your certifate and then it is supposed to be trusted but this costs.

So in theory you could be sending encrypted data from a fake server. But as I’m not bothered about this I just sign my own and get along with it.

I was reminded of the procedure for creating your own certificate today when mine from last year ran out. I knew it would run out soon but didn’t know it had happened until I got two messages today. The first was the warning about using an out of date certificate, the second my usual about using an encrypted page.

A quick search through my servers home page turned up the following:

/usr/bin/openssl req -new -key /home/e-smith/ssl.key/server.key -x509 -days 365 -out /home/e-smith/ssl.crt/server.crt

I decided that I didn’t want to have it run out after a year so I changed the 365 to 730 and now I’m secure and valid for another 2 years, if not trusted by every one…