How do I go about creating my own self signed certificate? Or can I? If not, how do I go about buying one?

you can't create your own ssl, you can buy them for 1 or 2 years from www.thawte.com or, as i was looking at www.apache-ssl.org which seemed to be free, but haven't really read it yet. apache-ssl seems like a better choice, but others might have a different idea.

Originally posted by LogicBrendan
you can't create your own ssl, you can buy them for 1 or 2 years from www.thawte.com or, as i was looking at www.apache-ssl.org which seemed to be free, but haven't really read it yet. apache-ssl seems like a better choice, but others might have a different idea.

AFAIK, you *can* create your own generic certificate. It just won't be authenticated by the browsers since it's not signed by a recognized authority. I believe the secure page will come up, but a popup warning might also (which you could disable with javascript).

I've seen secure pages recently with no certificate information or a popup, so it *can* be done I believe. I *halfway* did it once, but it's been awhile, and I don't remember exactly how I did it. I only got as far as creating a public key and private key, passphrase, etc. You can do this thru telnet. Seems like I used a unix command such as "sysgen". I don't know if you can do it thru PGP on a CPanel or not. As I recall I could not complete the task because I didn't have access to the directory to load my passphrase. Sorry I could'nt be of more help.

Although you can create your own generic certificate it's not a good idea to use it for your business. Generic certificate always comes with an annoying popup windows warning that your certificate is not trusted therefore your customers will be afraid of providing sensitive information through your secure page. You should ask your hosting provider whether they offer shared SSL certificate or not, it is cheapest way to secure your pages. If you want your own SSL certificate you can buy one from Verisign, Thawte.

Originally posted by NetworksData
Although you can create your own generic certificate it's not a good idea to use it for your business. Generic certificate always comes with an annoying popup windows warning that your certificate is not trusted therefore your customers will be afraid of providing sensitive information through your secure page. You should ask your hosting provider whether they offer shared SSL certificate or not, it is cheapest way to secure your pages. If you want your own SSL certificate you can buy one from Verisign, Thawte.

GENERIC CERTIFICATE - As I previously stated, the popup can be disabled by putting a simple javascript into your secure page.(should I really give this secret away?...lol) As much as I loathe Javascript (I'd rather be writing Perl), here's some that will kill the popup quite nicely for you...
<script language="Javascript">
onAlert=return true;
</script>
As long as people see a lock while on your secure page, how many people are going to check your certificate if there is no popup? I'd say "very few." So your own certificate may work fine for you and your customers.

SHARED CERTIFICATE - watch out for these. Many shared ssl's are so busy that your customers may not be able to access your secure pages very often or have a long wait before the page comes up. Also, many of the shared ones can be traced back to the real host even with an aliased nameserver.

BOUGHT CERTIFICATE - of course this is the best way to go if you can afford it. I suggest Thawte. It's the cheapest one that is compatible with most browsers.

Geotrust certs are cheaper than Thawte and you can have them ordered, installed within 10 Minutes or less.

http://www.geotrust.com