1

I have a server with some web applications, and I'd like to enable HTTPS to minimize the chance of someone picking up my authentication information.

However, I don't really want to shell out for certificates since I add new sites to this regularly as part of consulting and private projects, so instead I'd just like to create a certificate and convert the site into using HTTPS.

However, this gives me warnings in the browser about untrusted certificates.

How do I go about making my own computers trust these certificates?

Lasse V. Karlsen
  • 3,766

4 Answers4

2

However, I don't really want to shell out for certificates since I add new sites to this regularly as part of consulting and private projects, so instead I'd just like to create a certificate and convert the site into using HTTPS.

While you could do self signed certs, and its probably still an option in a testing environment, there's probably significantly better ways to do it in 2018.

Letsencrypt's what I use - they do free certificates, including wildcards and for basic certs they're a great option. You can pretty trivially spin up new certs (and on many modern http servers - there's plugins to keep them updated) and they are accepted by most modern browsers. Cloudflare also seems to offer it, if you need to stick it in front of an existing service.

I pair this with mozilla's ssl generator server side, which gives me a sane starting point for my configuration.

Journeyman Geek
  • 133,878
1

Certificates are organised in a chain of certificates.

First you have a root certificate (public key) (Let's say Verisign etc... who keeps the private key). Then they issue certificates that by signing private/public keys of other people and putting them into certificates.

So for you to trust your own certificates, you have to do the same: create a root certificate and private key, then signing sub-certificates for your site.

Then you add the (public) root certificate to your browser so that he can verify the sub-certificates against the public key of your CA, et voila!

If you create a new site, just issue a new cert for it, and sign it as well.

M'vy
  • 3,950
0

Think you might want "Installing and Removing Trusted Certificates" from http://technet.microsoft.com/en-us/library/preferences/locale/?returnurl=%252fen-us%252flibrary%252fdd361898.aspx

James
  • 1,215
0

Would be good to know the OS and software of your server as well as client to give more specific answers to doing this, but generally speaking, importing your own CA's public key will allow you to trust all the keys signed by that CA.

Alternately, you can also get free, valid SSL certificates through https://www.startssl.com/

emgee
  • 4,627